Denial of Service Vulnerability in hostapd and wpa_supplicant
CVE-2019-16275

6.5 MEDIUM

Key Information:

Vendor: W1.fi

CVE Published: 12 September 2019

What is CVE-2019-16275?

A vulnerability exists in hostapd and wpa_supplicant prior to version 2.10 that stems from improper validation of source addresses. An attacker within 802.11 communication range can send crafted 802.11 frames that cause an incorrect disconnection indication, resulting in a denial of service condition. The attack circumvents the protection expected from protected management frames (PMF). Because the issue affects network stability, it should be addressed promptly to guard against disruptions.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Adjacent Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
