suse · CVE-2019-9496

Quick triage

Priority: medium Published: 2021-05-30 14:25:41 UTC Updated: 2025-02-17 02:12:11 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-9496 severity moderate: SUSE including 5 source package names (hostapd-2.9-6.2, hostapd-2.9-bp150.15.1, hostapd-2.9-bp151.5.3.1, hostapd-2.9-lp151.4.3.1, wpa_supplicant), 22 product×package rows across 22 product lines (SLES for SAP Applications 11 SP3, SUSE Linux Enterprise Desktop 12 SP3, … (22 product lines)): Known Not Affected 18, Fixed 4.

Description:

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

cvelogic Threat Intelligence