CVE-2019-9499
- Source
- https://cve.org/CVERecord?id=CVE-2019-9499
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-9499.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-9499
- Downstream
- Related
- Published
- 2019-04-17T14:29:04.057Z
- Modified
- 2026-02-19T01:31:37.869999Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
The implementations of EAP-PWD in wpasupplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpasupplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
- https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
- https://seclists.org/bugtraq/2019/May/40
- https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc
- https://w1.fi/security/2019-4/
- https://www.synology.com/security/advisory/Synology_SA_19_16
- https://w1.fi/security/2019-4/
- http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html
- https://lists.debian.org/debian-lts-announce/2019/07/msg00030.html
- https://seclists.org/bugtraq/2019/May/40
Affected packages
Git / github.com/libarchive/libarchive
Git / github.com/sqlalchemy/sqlalchemy
Affected ranges
- Type
- GIT
- Repo
- https://github.com/sqlalchemy/sqlalchemy
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedLast affected
Affected versions
Other
origin
rel_0_1_0
rel_0_1_1
rel_0_1_2
rel_0_1_3
rel_0_1_4
rel_0_1_5
rel_0_1_6
rel_0_1_7
rel_0_2_0
rel_0_2_1
rel_0_2_2
rel_0_2_3
rel_0_2_4
rel_0_2_5
rel_0_2_6
rel_0_2_7
rel_0_2_8
rel_0_3_0
rel_0_3_1
rel_0_3_10
rel_0_3_2
rel_0_3_3
rel_0_3_4
rel_0_3_5
rel_0_3_6
rel_0_3_7
rel_0_3_8
rel_0_3_9
rel_0_4_0
rel_0_4_1
rel_0_4_2
rel_0_4_2a
rel_0_4_2b
rel_0_4_2p3
rel_0_4_3
rel_0_4_4
rel_0_4_5
rel_0_4beta1
rel_0_4beta2
rel_0_4beta3
rel_0_4beta4
rel_0_4beta6
rel_0_5_0
rel_0_5_1
rel_0_5_2
rel_0_5_3
rel_0_5_4
rel_0_5_4p1
rel_0_5_4p2
rel_0_5_5
rel_0_5beta1
rel_0_5beta2
rel_0_5beta3
rel_0_5rc1
rel_0_5rc2
rel_0_5rc3
rel_0_5rc4
rel_0_6_0
rel_0_6_1
rel_0_6_2
rel_0_6_3
rel_0_6_4
rel_0_6_5
rel_0_6beta1
rel_0_6beta2
rel_0_6beta3
rel_0_7_0
rel_0_7_1
rel_0_7_2
rel_0_7_3
rel_0_7_4
rel_0_7_5
rel_0_7_6
rel_0_7b1
rel_0_7b2
rel_0_7b3
rel_0_7b4
rel_0_8_0
rel_0_8_0b1
rel_0_8_0b2
rel_0_8_1
rel_0_9_0
rel_0_9_0b1
rel_0_9_1
rel_0_9_2
rel_0_9_3
rel_0_9_4
rel_1_0_0
rel_1_0_0_b3
rel_1_0_0b1
rel_1_0_0b2
rel_1_0_0b4
rel_1_0_0b5
rel_1_0_1
rel_1_0_2
rel_1_0_3
rel_1_0_4
rel_1_0_5
rel_1_0_6
rel_1_0_7
rel_1_0_8
rel_1_1_0
rel_1_1_0b2
rel_1_1_0b3
rel_1_1_1
rel_1_1_2
rel_1_1_3
rel_1_1_4
rel_1_1_5
rel_1_1_6
rel_1_2_0
rel_1_2_0b1
rel_1_2_0b2