CVE-2019-10064
HIGH7.5EPSS 1.4%wpa - security update
Published: 2/28/2020Modified: 4/28/2026
Also known as:DEBIAN-CVE-2019-10064
Description
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Affected packages (3)
- Debian/wpafrom 0, < 2:2.6-7
- Debian/wpafrom 0, < 2.3-1+deb8u10
- Debian/wpafrom 0, < 2:2.4-1+deb9u7
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |