{"api_version":"1","generated_at":"2026-04-22T23:29:27+00:00","cve":"CVE-2019-10064","urls":{"html":"https://cve.report/CVE-2019-10064","api":"https://cve.report/api/cve/CVE-2019-10064.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-10064","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-10064"},"summary":{"title":"CVE-2019-10064","description":"hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2020-02-28 15:15:00","updated_at":"2022-01-01 19:31:00"},"problem_types":["CWE-331"],"metrics":[],"references":[{"url":"http://www.openwall.com/lists/oss-security/2020/02/27/1","name":"[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)","refsource":"MLIST","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"oss-security - Hostapd fails at seeding PRNGS, leading to insufficient entropy\n (CVE-2016-10743 and CVE-2019-10064)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://seclists.org/fulldisclosure/2020/Feb/26","name":"20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)","refsource":"FULLDISC","tags":["Exploit","Mailing List","Third Party Advisory"],"title":"Full Disclosure: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2020/02/27/2","name":"[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)","refsource":"MLIST","tags":["Mailing List","Third Party Advisory"],"title":"oss-security - Re: Hostapd fails at seeding PRNGS, leading to\n insufficient entropy (CVE-2016-10743 and CVE-2019-10064)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html","name":"http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html","refsource":"MISC","tags":["Exploit","Third Party Advisory","VDB Entry"],"title":"Hostapd Insufficient Entropy ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html","name":"[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2138-1] wpa security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389","name":"https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389","refsource":"MISC","tags":["Patch","Third Party Advisory"],"title":"hostap - hostapd/wpa_supplicant","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html","name":"[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 2318-1] wpa security update","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-10064","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10064","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"10064","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10064","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10064","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"w1.fi","cpe5":"hostapd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2019","cve_id":"10064","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"w1.fi","cpe5":"hostapd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-10064","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389","refsource":"MISC","name":"https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"},{"refsource":"MLIST","name":"[oss-security] 20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)","url":"http://www.openwall.com/lists/oss-security/2020/02/27/1"},{"refsource":"MLIST","name":"[oss-security] 20200227 Re: Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)","url":"http://www.openwall.com/lists/oss-security/2020/02/27/2"},{"refsource":"FULLDISC","name":"20200227 Hostapd fails at seeding PRNGS, leading to insufficient entropy (CVE-2016-10743 and CVE-2019-10064)","url":"http://seclists.org/fulldisclosure/2020/Feb/26"},{"refsource":"MISC","name":"http://www.openwall.com/lists/oss-security/2020/02/27/1","url":"http://www.openwall.com/lists/oss-security/2020/02/27/1"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html","url":"http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20200311 [SECURITY] [DLA 2138-1] wpa security update","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20200808 [SECURITY] [DLA 2318-1] wpa security update","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"}]}},"nvd":{"publishedDate":"2020-02-28 15:15:00","lastModifiedDate":"2022-01-01 19:31:00","problem_types":["CWE-331"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*","versionEndExcluding":"2.6","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"10064","Ordinal":"148278","Title":"CVE-2019-10064","CVE":"CVE-2019-10064","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"10064","Ordinal":"1","NoteData":"hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"10064","Ordinal":"2","NoteData":"2020-02-28","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"10064","Ordinal":"3","NoteData":"2020-08-08","Type":"Other","Title":"Modified"}]}}}