CVE-2019-9496

Summary

An invalid authentication sequence could result in the hostapd process terminating due to missing state validation steps when processing the SAE confirm message when in hostapd/AP mode. All version of hostapd with SAE support are vulnerable. An attacker may force the hostapd process to terminate, performing a denial of service attack. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected.

Affected Software

VendorProductVersion RangeStatus
Wi-Fi Alliancehostapd with SAE support2.7 <= 2.7affected
Wi-Fi Alliancewpa_supplicant with SAE support2.7 <= 2.7affected

Weaknesses

  • CWE-642: CWE-642 External Control of Critical State Data

ADP Enrichment

CVE Program Container

Additional References

References