Vulnerability Details CVE-2019-10064
hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.5%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2019-10064
-
cpe:2.3:a:w1.fi:hostapd:0.2.0
-
cpe:2.3:a:w1.fi:hostapd:0.2.1
-
cpe:2.3:a:w1.fi:hostapd:0.2.2
-
cpe:2.3:a:w1.fi:hostapd:0.2.4
-
cpe:2.3:a:w1.fi:hostapd:0.3.0
-
cpe:2.3:a:w1.fi:hostapd:0.3.1
-
cpe:2.3:a:w1.fi:hostapd:0.3.2
-
cpe:2.3:a:w1.fi:hostapd:0.3.3
-
cpe:2.3:a:w1.fi:hostapd:0.3.4
-
cpe:2.3:a:w1.fi:hostapd:0.3.5
-
cpe:2.3:a:w1.fi:hostapd:0.3.7
-
cpe:2.3:a:w1.fi:hostapd:0.4.0
-
cpe:2.3:a:w1.fi:hostapd:0.4.1
-
cpe:2.3:a:w1.fi:hostapd:0.4.2
-
cpe:2.3:a:w1.fi:hostapd:0.4.3
-
cpe:2.3:a:w1.fi:hostapd:0.4.4
-
cpe:2.3:a:w1.fi:hostapd:0.4.5
-
cpe:2.3:a:w1.fi:hostapd:0.4.6
-
cpe:2.3:a:w1.fi:hostapd:0.4.7
-
cpe:2.3:a:w1.fi:hostapd:0.5.0
-
cpe:2.3:a:w1.fi:hostapd:0.5.1
-
cpe:2.3:a:w1.fi:hostapd:0.5.2
-
cpe:2.3:a:w1.fi:hostapd:0.5.3
-
cpe:2.3:a:w1.fi:hostapd:0.5.4
-
cpe:2.3:a:w1.fi:hostapd:0.5.5
-
cpe:2.3:a:w1.fi:hostapd:0.5.6
-
cpe:2.3:a:w1.fi:hostapd:0.6.0
-
cpe:2.3:a:w1.fi:hostapd:0.6.1
-
cpe:2.3:a:w1.fi:hostapd:0.6.2
-
cpe:2.3:a:w1.fi:hostapd:0.6.3
-
cpe:2.3:a:w1.fi:hostapd:0.6.4
-
cpe:2.3:a:w1.fi:hostapd:0.6.5
-
cpe:2.3:a:w1.fi:hostapd:0.6.6
-
cpe:2.3:a:w1.fi:hostapd:0.6.7
-
cpe:2.3:a:w1.fi:hostapd:0.7.0
-
cpe:2.3:a:w1.fi:hostapd:0.7.1
-
cpe:2.3:a:w1.fi:hostapd:0.7.2
-
cpe:2.3:a:w1.fi:hostapd:0.7.3
-
cpe:2.3:a:w1.fi:hostapd:1.1
-
cpe:2.3:a:w1.fi:hostapd:2.0
-
cpe:2.3:a:w1.fi:hostapd:2.1
-
cpe:2.3:a:w1.fi:hostapd:2.2
-
cpe:2.3:a:w1.fi:hostapd:2.3
-
cpe:2.3:a:w1.fi:hostapd:2.4
-
cpe:2.3:a:w1.fi:hostapd:2.5
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0