Lucene search
Alpine Linux Development TeamALPINE:CVE-2019-9498HistoryApr 17, 2019 - 2:29 p.m.
CVE-2019-9498
2019-04-1714:29:00
Alpine Linux Development Team
security.alpinelinux.org
14
0.007 Low
EPSS
Percentile
80.7%
The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication, gaining session key and network access without needing or learning the password. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.10-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.11-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.12-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.13-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.14-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.15-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.16-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.17-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
| Alpine | 3.18-main | noarch | wpa_supplicant | <Â 2.7-r2 | UNKNOWN |
Related
redhatcve
redhatcve
CVE-2019-9498
2020-04-29 15:10:05
ubuntucve
ubuntucve
CVE-2019-9498
2019-04-10 00:00:00
CVE-2019-11235
2019-04-16 00:00:00
cvelist
cvelist
CVE-2019-9498 The implementations of EAP-PWD in hostapd EAP Server do not validate the scalar and element values in EAP-pwd-Commit
2019-04-17 13:31:08
CVE-2019-11235
2019-04-21 16:40:32
osv
osv
CVE-2019-9498
2019-04-17 14:29:04
CVE-2019-11235
2019-04-22 11:29:03
wpa - security update
2019-04-10 00:00:00
prion
prion
Authentication flaw
2019-04-17 14:29:00
Code injection
2019-04-22 11:29:00
cve
cve
CVE-2019-9498
2019-04-17 14:29:00
CVE-2019-11235
2019-04-22 11:29:00
debiancve
debiancve
CVE-2019-9498
2019-04-17 14:29:00
CVE-2019-11235
2019-04-22 11:29:00
nessus
nessus
alpinelinux
alpinelinux
CVE-2019-11235
2019-04-22 11:29:00
freebsd
freebsd
FreeBSD -- EAP-pwd missing commit validation
2019-04-10 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-1036)
2020-01-23 00:00:00
Debian: Security Advisory (DLA-1867-1)
2019-08-01 00:00:00
Huawei EulerOS: Security Advisory for wpa_supplicant (EulerOS-SA-2020-1073)
2020-01-23 00:00:00
debian
debian
[SECURITY] [DLA 1867-1] wpa security update
2019-07-31 22:11:07
[SECURITY] [DSA 4430-1] wpa security update
2019-04-11 06:13:36
ubuntu
ubuntu
wpa_supplicant and hostapd vulnerabilities
2019-04-10 00:00:00
amazon
amazon
Important: freeradius
2019-05-29 19:08:00
fedora
fedora
[SECURITY] Fedora 30 Update: wpa_supplicant-2.7-5.fc30
2019-04-15 00:04:30
[SECURITY] Fedora 28 Update: hostapd-2.7-2.fc28
2019-04-23 18:49:46
[SECURITY] Fedora 30 Update: hostapd-2.7-2.fc30
2019-04-27 21:31:36
rosalinux
rosalinux
Advisory ROSA-SA-2021-1836
2021-07-02 16:43:57
Advisory ROSA-SA-2021-1998
2021-07-02 18:21:00
cert
cert
fortinet
fortinet
Protect
2020-01-03 00:00:00
hackerone
hackerone
photon
photon
Important Photon OS Security Update - PHSA-2019-0011
2019-04-23 00:00:00
Important Photon OS Security Update - PHSA-2019-3.0-0011
2019-04-23 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-19:03.wpa
2019-05-14 00:00:00
suse
suse
Security update for hostapd (moderate)
2020-02-15 00:00:00
Security update for wpa_supplicant (moderate)
2020-11-27 00:00:00
Security update for wpa_supplicant (moderate)
2020-11-26 00:00:00