exploitDog

CVE-2019-16275

Published: 12 Sep 2019
Source: nvd
CVSS3: 6.5
CVSS2: 3.3
EPSS: Low

Description

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*
Versions up to 2.9 (inclusive)
cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
Versions up to 2.9 (inclusive)
Configuration 2

One of

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Configuration 3

One of

cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

EPSS

Percentile: 64%
0.00486
Low

6.5 Medium

CVSS3

3.3 Low

CVSS2

Weaknesses

CWE-346

Related vulnerabilities

CVSS3: 6.5
ubuntu
about 6 years ago

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network.

CVSS3: 6.5
redhat
about 6 years ago

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

CVSS3: 6.5
msrc
about 5 years ago

No description available

CVSS3: 6.5
debian
about 6 years ago

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect ...

CVSS3: 6.5
github
more than 3 years ago

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
