2019-03-01 12:04:26 -05:00
{
2019-04-17 14:00:52 +00:00
"CVE_data_meta" : {
"AKA" : "Dragonblood" ,
"ASSIGNER" : "cert@cert.org" ,
"ID" : "CVE-2019-9498" ,
"STATE" : "PUBLIC" ,
"TITLE" : "The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit"
} ,
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "hostapd with EAP-pwd support" ,
"version" : {
"version_data" : [
{
"version_affected" : "<=" ,
"version_name" : "2.7" ,
"version_value" : "2.7"
}
]
}
} ,
{
"product_name" : "wpa_supplicant with EAP-pwd support" ,
"version" : {
"version_data" : [
{
"version_affected" : "<=" ,
"version_name" : "2.7" ,
"version_value" : "2.7"
}
]
}
} ,
{
"product_name" : "hostapd with SAE support" ,
"version" : {
"version_data" : [
{
"version_affected" : "<=" ,
"version_name" : "2.4" ,
"version_value" : "2.4"
}
]
}
} ,
{
"product_name" : "wpa_supplicant with SAE support" ,
"version" : {
"version_data" : [
{
"version_affected" : "<=" ,
"version_name" : "2.4" ,
"version_value" : "2.4"
}
]
}
}
]
} ,
"vendor_name" : "Wi-Fi Alliance"
}
]
}
} ,
"data_format" : "MITRE" ,
"data_type" : "CVE" ,
"data_version" : "4.0" ,
"description" : {
"description_data" : [
2019-03-18 04:15:55 +00:00
{
2019-04-17 14:00:52 +00:00
"lang" : "eng" ,
"value" : "The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected."
2019-03-18 04:15:55 +00:00
}
2019-04-17 14:00:52 +00:00
]
} ,
"generator" : {
"engine" : "Vulnogram 0.0.6"
} ,
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng" ,
"value" : "CWE-346 Origin Validation Error"
}
]
}
]
} ,
"references" : {
"reference_data" : [
{
"name" : "https://w1.fi/security/2019-4/" ,
"refsource" : "CONFIRM" ,
"url" : "https://w1.fi/security/2019-4/"
2019-04-23 22:00:48 +00:00
} ,
2019-05-15 22:00:49 +00:00
{
"refsource" : "CONFIRM" ,
"name" : "https://www.synology.com/security/advisory/Synology_SA_19_16" ,
"url" : "https://www.synology.com/security/advisory/Synology_SA_19_16"
} ,
2019-04-23 22:00:48 +00:00
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2019-d03bae77f5" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2019-f409af9fbe" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"
2019-04-28 00:00:49 +00:00
} ,
{
"refsource" : "FEDORA" ,
"name" : "FEDORA-2019-eba1109acd" ,
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"
2019-05-15 02:00:51 +00:00
} ,
{
"refsource" : "FREEBSD" ,
"name" : "FreeBSD-SA-19:03" ,
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"
2019-05-15 12:00:54 +00:00
} ,
{
"refsource" : "BUGTRAQ" ,
"name" : "20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa" ,
"url" : "https://seclists.org/bugtraq/2019/May/40"
2019-08-01 00:00:50 +00:00
} ,
{
"refsource" : "MLIST" ,
"name" : "[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update" ,
"url" : "https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html"
2020-02-16 01:01:04 +00:00
} ,
{
"refsource" : "SUSE" ,
"name" : "openSUSE-SU-2020:0222" ,
"url" : "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"
2019-04-17 14:00:52 +00:00
}
]
} ,
"source" : {
"discovery" : "UNKNOWN"
}
2019-03-18 04:15:55 +00:00
}
