CVE-2019-5062Expected Behavior Violation in Hostapd

CWE-440Expected Behavior ViolationCWE-346Origin Validation ErrorCWE-20Improper Input Validation7 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 82.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
W1.fi Hostapd
Timeline
PublishedDec 12
Latest updateMay 24

Description

An exploitable denial-of-service vulnerability exists in the 802.11w security state handling for hostapd 2.6 connected clients with valid 802.11w sessions. By simulating an incomplete new association, an attacker can trigger a deauthentication against stations using 802.11w, resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDw1.fi/hostapd2.6

🔴Vulnerability Details

3
GHSA
GHSA-gv78-7qxh-6mj5: An exploitable denial-of-service vulnerability exists in the 8022022-05-24
CVEList
CVE-2019-5062: An exploitable denial-of-service vulnerability exists in the 8022019-12-12
OSV
CVE-2019-5062: An exploitable denial-of-service vulnerability exists in the 8022019-12-12

📋Vendor Advisories

1
Debian
CVE-2019-5062: wpa - An exploitable denial-of-service vulnerability exists in the 802.11w security st...2019

💬Community

2
Bugzilla
CVE-2019-5062 hostapd: dos in the 802.11w security state handling [epel-6]2020-01-27
Bugzilla
CVE-2019-5062 hostapd: dos in the 802.11w security state handling2020-01-27
CVE-2019-5062 — Expected Behavior Violation in Hostapd | cvebase