{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-17T18:07:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"}, {"tags": ["x_refsource_MISC"], "url": "https://w1.fi/security/2019-7/"}, {"tags": ["x_refsource_MISC"], "url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"}, {"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"}, {"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"}, {"name": "USN-4136-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4136-1/"}, {"name": "USN-4136-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "https://usn.ubuntu.com/4136-2/"}, {"name": "DSA-4538", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2019/dsa-4538"}, {"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Sep/56"}, {"name": "FEDORA-2019-0e0b28001d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"}, {"name": "FEDORA-2019-740834c559", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"}, {"name": "FEDORA-2019-2265b5ae86", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"}, {"name": "FEDORA-2019-65509aac53", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"}, {"name": "FEDORA-2019-2bdcccee3c", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-16275", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.openwall.com/lists/oss-security/2019/09/11/7", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"}, {"name": "https://w1.fi/security/2019-7/", "refsource": "MISC", "url": "https://w1.fi/security/2019-7/"}, {"name": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt", "refsource": "MISC", "url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"}, {"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"}, {"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"}, {"name": "USN-4136-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4136-1/"}, {"name": "USN-4136-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/4136-2/"}, {"name": "DSA-4538", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2019/dsa-4538"}, {"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Sep/56"}, {"name": "FEDORA-2019-0e0b28001d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"}, {"name": "FEDORA-2019-740834c559", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"}, {"name": "FEDORA-2019-2265b5ae86", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"}, {"name": "FEDORA-2019-65509aac53", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"}, {"name": "FEDORA-2019-2bdcccee3c", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T01:10:41.709Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://w1.fi/security/2019-7/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"}, {"name": "[oss-security] 20190912 Re: hostapd/wpa_supplicant: AP mode PMF disconnection protection bypass", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"}, {"name": "[debian-lts-announce] 20190916 [SECURITY] [DLA 1922-1] wpa security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"}, {"name": "USN-4136-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4136-1/"}, {"name": "USN-4136-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "https://usn.ubuntu.com/4136-2/"}, {"name": "DSA-4538", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2019/dsa-4538"}, {"name": "20190929 [SECURITY] [DSA 4538-1] wpa security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Sep/56"}, {"name": "FEDORA-2019-0e0b28001d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"}, {"name": "FEDORA-2019-740834c559", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"}, {"name": "FEDORA-2019-2265b5ae86", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"}, {"name": "FEDORA-2019-65509aac53", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"}, {"name": "FEDORA-2019-2bdcccee3c", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-16275", "datePublished": "2019-09-12T19:07:09", "dateReserved": "2019-09-12T00:00:00", "dateUpdated": "2024-08-05T01:10:41.709Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*", "matchCriteriaId": "4856F28C-C7EC-459C-9357-35E635781A9A", "versionEndIncluding": "2.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*", "matchCriteriaId": "71C32B8A-16F6-473D-AF69-EDDEE78C5A3A", "versionEndIncluding": "2.9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range."}, {"lang": "es", "value": "hostapd versiones anteriores a 2.10 y wpa_supplicant versiones anteriores a 2.10, permiten una indicaci\u00f3n incorrecta de desconexi\u00f3n en ciertas situaciones porque la comprobaci\u00f3n de la direcci\u00f3n de origen es manejada inapropiadamente. Esta es una denegaci\u00f3n de servicio que debi\u00f3 haber sido evitada mediante PMF (tambi\u00e9n se conoce como protecci\u00f3n de la trama de administraci\u00f3n). El atacante requiere enviar una trama 802.11 dise\u00f1ada desde una ubicaci\u00f3n que este dentro del rango de comunicaciones de 802.11."}], "id": "CVE-2019-16275", "lastModified": "2023-11-07T03:05:39.733", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 3.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-12T20:15:11.773", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2019/09/12/6"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Sep/56"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4136-1/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://usn.ubuntu.com/4136-2/"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://w1.fi/security/2019-7/"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2019/dsa-4538"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Mitigation", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2019/09/11/7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-346"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "wpa_supplicant: AP mode PMF disconnection protection bypass", "id": "1767023", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1767023"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.", "A vulnerability was discovered in wpa_supplicant. When Access Point (AP) mode and Protected Management Frames (PMF) (IEEE 802.11w) are enabled, wpa_supplicant does not perform enough validation on the source address of some received management frames. An attacker within the 802.11 communications range could use this flaw to inject an unauthenticated frame and perform a denial-of-service attack against another device which would be disconnected from the network."], "name": "CVE-2019-16275", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "wpa_supplicant", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2019-09-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-16275\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-16275\nhttps://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt"], "statement": "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. Versions of the package shipped in Red Hat Enterprise Linux 5 and 6 are built without AP mode (CONFIG_AP=y), while versions of the package shipped in Red Hat Enterprise Linux 7 and 8, even though they support AP mode, do not enable IEEE 802.11w (CONFIG_IEEE80211W=y). Both options are required for the flaw to be exploited.", "threat_severity": "Moderate", "upstream_fix": "wpa_supplicant 2.10"}