CVE-2019-10064

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389", "name": "https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389", "tags": ["Patch", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2020/02/27/1", "name": "[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2020/02/27/2", "name": "[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "http://seclists.org/fulldisclosure/2020/Feb/26", "name": "20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "FULLDISC"}, {"url": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html", "name": "http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "refsource": "MISC"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html", "name": "[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html", "name": "[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-331"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-10064", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "acInsufInfo": false, "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2020-02-28T15:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.6"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-01-01T19:31Z"}