CVE-2019-9494: The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access…

medium5.9CVSS 3.1

AVNACHPRNUINSUCHINAN

The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Affected

36 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	freeradius	< freeradius 3.0.20+dfsg-1 (bookworm)	freeradius 3.0.20+dfsg-1 (bookworm)
debian	wpa	< wpa 2:2.10-1 (bookworm)	wpa 2:2.10-1 (bookworm)
debian	wpa	< wpa 2:2.7+git20190128+0c1e29f-4 (bookworm)	wpa 2:2.7+git20190128+0c1e29f-4 (bookworm)
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
fedoraproject	fedora	—	—
freebsd	freebsd	—	—
freebsd	freebsd	—	—
freeradius	freeradius	>= 0 < 3.0.20+dfsg-1	3.0.20+dfsg-1
freeradius	freeradius	>= 0 < 3.0.20+dfsg-1	3.0.20+dfsg-1
freeradius	freeradius	>= 0 < 3.0.20+dfsg-1	3.0.20+dfsg-1
freeradius	freeradius	>= 0 < 3.0.20+dfsg-1	3.0.20+dfsg-1
freeradius	freeradius	3.0.0 – 3.0.19	—
msrc	cbl2_wpa_supplicant_2.10-1_on_cbl_mariner_2.0	—	—
msrc	cm1_wpa_supplicant_2.10-1_on_cbl_mariner_1.0	—	—
opensuse	backports_sle	—	—
opensuse	leap	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
synology	radius_server	—	—
synology	router_manager	< 1.2.3-8017	1.2.3-8017
synology	router_manager	< 1.2.3-8087	1.2.3-8087
w1.fi	hostapd	< 2.10	2.10

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv6.5MEDIUM