CVE-2019-16275
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
hostapd versiones anteriores a 2.10 y wpa_supplicant versiones anteriores a 2.10, permiten una indicación incorrecta de desconexión en ciertas situaciones porque la comprobación de la dirección de origen es manejada inapropiadamente. Esta es una denegación de servicio que debió haber sido evitada mediante PMF (también se conoce como protección de la trama de administración). El atacante requiere enviar una trama 802.11 diseñada desde una ubicación que este dentro del rango de comunicaciones de 802.11.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-09-12 CVE Reserved
- 2019-09-12 CVE Published
- 2024-08-05 CVE Updated
- 2024-09-05 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-346: Origin Validation Error
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2019/09/12/6 | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html | Mailing List |
|
| https://seclists.org/bugtraq/2019/Sep/56 | Mailing List |
|
| https://www.openwall.com/lists/oss-security/2019/09/11/7 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://w1.fi/security/2019-7 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| W1.fi Search vendor "W1.fi" | Hostapd Search vendor "W1.fi" for product "Hostapd" | <= 2.9 Search vendor "W1.fi" for product "Hostapd" and version " <= 2.9" | - |
Affected
| ||||||
| W1.fi Search vendor "W1.fi" | WPA Supplicant Search vendor "W1.fi" for product "WPA Supplicant" | <= 2.9 Search vendor "W1.fi" for product "WPA Supplicant" and version " <= 2.9" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 18.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "18.04" | lts |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 19.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "19.04" | - |
Affected
| ||||||