DEBIAN-CVE-2019-10064

DEBIAN-CVE-2019-10064 PUBLISHED CVSS 7.5 HIGH

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:11	wpa	0, 0, 0
Debian:14	wpa	0, 0, 0
Debian:13	wpa	0, 0, 0
Debian:12	wpa	0, 0, 0

Timeline

Feb 28, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2019-10064 advisory

Open in Interactive Console →