The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

References

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPDHU5MV464CZBPX7N2SNMUYP6DFIBZL/

security.gentoo.org/glsa/202309-16

w1.fi/security/2022-1/

osv 4

nvd 2

alpinelinux 2

cve 2

debiancve 2

ubuntucve 2

prion 2

slackware 1

openvas 18

nessus 20

veracode 1

cbl_mariner 2

redhatcve 2

fedora 9

rosalinux 4

suse 4

cvelist 1

freebsd 1

gentoo 1

debian 2

ubuntu 1

fortinet 1

cert 1

photon 6

freebsd_advisory 1

avleonov 1

osv

CVE-2022-23304

2022-01-17 02:15:06

CVE-2019-9495

2019-04-17 14:29:03

wpa - security update

2019-04-10 00:00:00

nvd

CVE-2022-23304

2022-01-17 02:15:06

CVE-2019-9495

2019-04-17 14:29:03

alpinelinux

CVE-2022-23304

2022-01-17 02:15:06

CVE-2019-9495

2019-04-17 14:29:03

cve

CVE-2022-23304

2022-01-17 02:15:06

CVE-2019-9495

2019-04-17 14:29:03

debiancve

CVE-2022-23304

2022-01-17 02:15:06

CVE-2019-9495

2019-04-17 14:29:03

ubuntucve

CVE-2022-23304

2022-01-17 00:00:00

CVE-2019-9495

2019-04-10 00:00:00

prion

Default configuration

2022-01-17 02:15:00

Default configuration

2019-04-17 14:29:00

slackware

[slackware-security] wpa_supplicant

2022-01-19 18:33:08

openvas

Slackware: Security Advisory (SSA:2022-019-01)

2022-04-21 00:00:00

Fedora: Security Advisory for hostapd (FEDORA-2022-da8222a1bc)

2022-02-13 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0716-1)

2022-03-05 00:00:00

nessus

SUSE SLES12 Security Update : wpa_supplicant (SUSE-SU-2022:0504-1)

2022-02-19 00:00:00

SUSE SLED15 / SLES15 Security Update : wpa_supplicant (SUSE-SU-2022:0716-1)

2022-03-05 00:00:00

Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2022-019-01)

2022-01-19 00:00:00

veracode

Side-Channel Attacks

2022-03-17 06:54:12

cbl_mariner

CVE-2022-23304 affecting package wpa_supplicant 2.9-4

2022-02-08 03:14:29

CVE-2022-23304 affecting package wpa_supplicant for versions less than 2.10-1

2022-04-09 06:51:56

redhatcve

CVE-2022-23304

2022-01-24 19:58:45

CVE-2019-9495

2020-02-02 14:43:12

fedora

[SECURITY] Fedora 35 Update: hostapd-2.10-3.fc35

2022-02-13 01:17:59

[SECURITY] Fedora 30 Update: wpa_supplicant-2.7-5.fc30

2019-04-15 00:04:30

[SECURITY] Fedora 30 Update: hostapd-2.7-2.fc30

2019-04-27 21:31:36

rosalinux

Advisory ROSA-SA-2023-2162

2023-05-03 11:24:32

Advisory ROSA-SA-2023-2311

2023-12-19 08:49:04

Advisory ROSA-SA-2024-2367

2024-03-05 09:00:43

suse

Security update for wpa_supplicant (important)

2022-03-04 00:00:00

Security update for hostapd (moderate)

2020-02-15 00:00:00

Security update for wpa_supplicant (moderate)

2020-11-26 00:00:00

cvelist

CVE-2019-9495 The implementations of EAP-PWD in hostapd and wpa_supplicant are vulnerable to side-channel attacks as a result of cache access patterns

2019-04-17 13:31:08

freebsd

FreeBSD -- EAP-pwd side-channel attack

2019-04-10 00:00:00

gentoo

wpa_supplicant, hostapd: Multiple Vulnerabilities

2023-09-30 00:00:00

debian

[SECURITY] [DLA 1867-1] wpa security update

2019-07-31 22:10:18

[SECURITY] [DSA 4430-1] wpa security update

2019-04-11 06:12:24

ubuntu

wpa_supplicant and hostapd vulnerabilities

2019-04-10 00:00:00

fortinet

Protect

2020-01-03 00:00:00

cert

WPA3 design issues and implementation vulnerabilities in hostapd and wpa_supplicant

2019-04-12 00:00:00

photon

Important Photon OS Security Update - PHSA-2019-0017

2019-06-06 00:00:00

Important Photon OS Security Update - PHSA-2019-3.0-0017

2019-06-06 00:00:00

Critical Photon OS Security Update - PHSA-2022-0358

2022-02-07 00:00:00

freebsd_advisory

FreeBSD-SA-19:03.wpa

2019-05-14 00:00:00

avleonov

Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs

2022-12-30 18:03:13

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.4 Medium

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

81.3%

JSON

Related for CVELIST:CVE-2022-23304