{"containers":{"cna":{"affected":[{"product":"hostapd with SAE support","vendor":"Wi-Fi Alliance","versions":[{"lessThanOrEqual":"2.7","status":"affected","version":"2.7","versionType":"custom"}]},{"product":"wpa_supplicant with SAE support","vendor":"Wi-Fi Alliance","versions":[{"lessThanOrEqual":"2.7","status":"affected","version":"2.7","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-208","description":"CWE-208 Information Exposure Through Timing Discrepancy","lang":"en","type":"CWE"}]},{"descriptions":[{"cweId":"CWE-524","description":"CWE-524 Information Exposure Through Caching","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2020-02-16T00:06:09.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"tags":["x_refsource_CONFIRM"],"url":"https://w1.fi/security/2019-1/"},{"tags":["x_refsource_CONFIRM"],"url":"https://www.synology.com/security/advisory/Synology_SA_19_16"},{"name":"FEDORA-2019-d03bae77f5","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"},{"name":"FEDORA-2019-f409af9fbe","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"},{"name":"FEDORA-2019-eba1109acd","tags":["vendor-advisory","x_refsource_FEDORA"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"},{"name":"FreeBSD-SA-19:03","tags":["vendor-advisory","x_refsource_FREEBSD"],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"},{"name":"20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"https://seclists.org/bugtraq/2019/May/40"},{"tags":["x_refsource_MISC"],"url":"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"},{"name":"openSUSE-SU-2020:0222","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"}],"source":{"discovery":"UNKNOWN"},"title":"The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks","x_generator":{"engine":"Vulnogram 0.0.6"},"x_legacyV4Record":{"CVE_data_meta":{"AKA":"Dragonblood","ASSIGNER":"cert@cert.org","ID":"CVE-2019-9494","STATE":"PUBLIC","TITLE":"The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side-channel attacks"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"hostapd with SAE support","version":{"version_data":[{"version_affected":"<=","version_name":"2.7","version_value":"2.7"}]}},{"product_name":"wpa_supplicant with SAE support","version":{"version_data":[{"version_affected":"<=","version_name":"2.7","version_value":"2.7"}]}}]},"vendor_name":"Wi-Fi Alliance"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The implementations of SAE in hostapd and wpa_supplicant are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. An attacker may be able to gain leaked information from a side channel attack that can be used for full password recovery. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.7 are affected."}]},"generator":{"engine":"Vulnogram 0.0.6"},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-208 Information Exposure Through Timing Discrepancy"}]},{"description":[{"lang":"eng","value":"CWE-524 Information Exposure Through Caching"}]}]},"references":{"reference_data":[{"name":"https://w1.fi/security/2019-1/","refsource":"CONFIRM","url":"https://w1.fi/security/2019-1/"},{"name":"https://www.synology.com/security/advisory/Synology_SA_19_16","refsource":"CONFIRM","url":"https://www.synology.com/security/advisory/Synology_SA_19_16"},{"name":"FEDORA-2019-d03bae77f5","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"},{"name":"FEDORA-2019-f409af9fbe","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"},{"name":"FEDORA-2019-eba1109acd","refsource":"FEDORA","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"},{"name":"FreeBSD-SA-19:03","refsource":"FREEBSD","url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"},{"name":"20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa","refsource":"BUGTRAQ","url":"https://seclists.org/bugtraq/2019/May/40"},{"name":"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html","refsource":"MISC","url":"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"},{"name":"openSUSE-SU-2020:0222","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"}]},"source":{"discovery":"UNKNOWN"}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T21:54:44.172Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://w1.fi/security/2019-1/"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"https://www.synology.com/security/advisory/Synology_SA_19_16"},{"name":"FEDORA-2019-d03bae77f5","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/56OBBOJJSKRTDGEXZOVFSTP4HDSDBLAE/"},{"name":"FEDORA-2019-f409af9fbe","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TDOZGR3T7FVO5JSZWK2QPR7AOFIEJTIZ/"},{"name":"FEDORA-2019-eba1109acd","tags":["vendor-advisory","x_refsource_FEDORA","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SVMJOFEYBGXZLFF5IOLW67SSOPKFEJP3/"},{"name":"FreeBSD-SA-19:03","tags":["vendor-advisory","x_refsource_FREEBSD","x_transferred"],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:03.wpa.asc"},{"name":"20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"https://seclists.org/bugtraq/2019/May/40"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://packetstormsecurity.com/files/152914/FreeBSD-Security-Advisory-FreeBSD-SA-19-03.wpa.html"},{"name":"openSUSE-SU-2020:0222","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00021.html"}]}]},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2019-9494","datePublished":"2019-04-17T13:31:08.000Z","dateReserved":"2019-03-01T00:00:00.000Z","dateUpdated":"2024-08-04T21:54:44.172Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}