UBUNTU-CVE-2023-52424
- Source
- https://ubuntu.com/security/CVE-2023-52424
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-52424.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-52424
- Upstream
- Published
- 2024-05-17T21:15:00Z
- Modified
- 2026-05-20T16:13:57.033878814Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.
- References
-
- https://ubuntu.com/security/CVE-2023-52424
- https://www.cve.org/CVERecord?id=CVE-2023-52424
- https://www.wi-fi.org/news-events/press-releases
- https://mentor.ieee.org/802.11/dcn/24/11-24-0938-03-000m-protect-ssid-in-4-way-handshake.docx
- https://www.top10vpn.com/research/wifi-vulnerability-ssid/
- https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
Affected packages
Ubuntu:16.04:LTS
wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4-0ubuntu3
2.4-0ubuntu4
2.4-0ubuntu5
2.4-0ubuntu6
2.4-0ubuntu6.2
2.4-0ubuntu6.3
2.4-0ubuntu6.4
2.4-0ubuntu6.5
2.4-0ubuntu6.6
2.4-0ubuntu6.7
2.4-0ubuntu6.8
2.4-0ubuntu6.8+esm1
Ubuntu:18.04:LTS
wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4-0ubuntu10
2:2.*
2:2.4-1.1ubuntu1
2:2.6-15ubuntu1
2:2.6-15ubuntu2
2:2.6-15ubuntu2.1
2:2.6-15ubuntu2.2
2:2.6-15ubuntu2.3
2:2.6-15ubuntu2.4
2:2.6-15ubuntu2.5
2:2.6-15ubuntu2.6
2:2.6-15ubuntu2.7
2:2.6-15ubuntu2.8
2:2.6-15ubuntu2.8+esm1
Ubuntu:20.04:LTS
wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:2.*
2:2.9-1ubuntu2
2:2.9-1ubuntu3
2:2.9-1ubuntu4
2:2.9-1ubuntu4.1
2:2.9-1ubuntu4.2
2:2.9-1ubuntu4.3
2:2.9-1ubuntu4.4
2:2.9-1ubuntu4.6
Ubuntu:22.04:LTS
wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:2.*
2:2.9.0-21build1
2:2.9.0-23
2:2.10-1
2:2.10-2
2:2.10-6
2:2.10-6ubuntu1
2:2.10-6ubuntu2
2:2.10-6ubuntu2.1
2:2.10-6ubuntu2.2
2:2.10-6ubuntu2.3
2:2.10-6ubuntu2.4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:2.10-6ubuntu2.4",
"binary_name": "eapoltest"
},
{
"binary_version": "2:2.10-6ubuntu2.4",
"binary_name": "hostapd"
},
{
"binary_version": "2:2.10-6ubuntu2.4",
"binary_name": "wpagui"
},
{
"binary_version": "2:2.10-6ubuntu2.4",
"binary_name": "wpasupplicant"
}
]
}Ubuntu:24.04:LTS
wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2:2.*
2:2.10-15
2:2.10-18
2:2.10-20
2:2.10-21
2:2.10-21build2
2:2.10-21build3
2:2.10-21build4
2:2.10-21ubuntu0.1
2:2.10-21ubuntu0.2
2:2.10-21ubuntu0.3
2:2.10-21ubuntu0.4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:2.10-21ubuntu0.4",
"binary_name": "eapoltest"
},
{
"binary_version": "2:2.10-21ubuntu0.4",
"binary_name": "hostapd"
},
{
"binary_version": "2:2.10-21ubuntu0.4",
"binary_name": "wpagui"
},
{
"binary_version": "2:2.10-21ubuntu0.4",
"binary_name": "wpasupplicant"
}
]
}Ubuntu:25.10
wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:2.11-0ubuntu4",
"binary_name": "eapoltest"
},
{
"binary_version": "2:2.11-0ubuntu4",
"binary_name": "hostapd"
},
{
"binary_version": "2:2.11-0ubuntu4",
"binary_name": "wpagui"
},
{
"binary_version": "2:2.11-0ubuntu4",
"binary_name": "wpasupplicant"
}
]
}Ubuntu:26.04:LTS
wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_version": "2:2.11-0ubuntu5",
"binary_name": "eapoltest"
},
{
"binary_version": "2:2.11-0ubuntu5",
"binary_name": "hostapd"
},
{
"binary_version": "2:2.11-0ubuntu5",
"binary_name": "wpagui"
},
{
"binary_version": "2:2.11-0ubuntu5",
"binary_name": "wpasupplicant"
}
]
}Ubuntu:Pro:14.04:LTS
wpa
Package
- Name
- wpa
- Purl
- pkg:deb/ubuntu/wpa?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.0-3ubuntu2
1.0-3ubuntu3
1.0-3ubuntu4
2.*
2.1-0ubuntu1
2.1-0ubuntu1.1
2.1-0ubuntu1.2
2.1-0ubuntu1.3
2.1-0ubuntu1.4
2.1-0ubuntu1.5
2.1-0ubuntu1.6
2.1-0ubuntu1.7
2.1-0ubuntu1.7+esm1
2.1-0ubuntu1.7+esm2
2.1-0ubuntu1.7+esm3
2.1-0ubuntu1.7+esm4
2.1-0ubuntu1.7+esm5