Fluid Attacks Database

Description

The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.16	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| =2.9-r4 \|\| =2.9-r5 \|\| =2.9-r6 \|\| >=0 <2.10-r0	2.10-r0
alpine v3.12	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| >=0 <2.9-r4	2.9-r4
debian 14	wpa	>=0 <2:2.10-1	2:2.10-1
alpine v3.13	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| >=0 <2.9-r4	2.9-r4
alpine v3.14	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| >=0 <2.9-r4	2.9-r4
alpine v3.15	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| =2.9-r4 \|\| =2.9-r5 \|\| =2.9-r6 \|\| >=0 <2.10-r0	2.10-r0
alpine v3.17	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| =2.9-r4 \|\| =2.9-r5 \|\| =2.9-r6 \|\| >=0 <2.10-r0	2.10-r0
alpine v3.18	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| =2.9-r4 \|\| =2.9-r5 \|\| =2.9-r6 \|\| >=0 <2.10-r0	2.10-r0
alpine v3.19	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| =2.9-r4 \|\| =2.9-r5 \|\| =2.9-r6 \|\| >=0 <2.10-r0	2.10-r0
alpine v3.20	hostapd	=0.6.10-r0 \|\| =0.6.10-r1 \|\| =0.6.10-r2 \|\| =0.6.9-r0 \|\| =0.6.9-r1 \|\| =0.7.3-r0 \|\| =0.7.3-r1 \|\| =0.7.3-r2 \|\| =1.0-r0 \|\| =1.0-r1 \|\| =1.0-r2 \|\| =1.1-r0 \|\| =2.0-r0 \|\| =2.0-r1 \|\| =2.1-r0 \|\| =2.2-r0 \|\| =2.3-r0 \|\| =2.4-r0 \|\| =2.4-r1 \|\| =2.5-r0 \|\| =2.5-r1 \|\| =2.5-r2 \|\| =2.5-r3 \|\| =2.6-r0 \|\| =2.6-r1 \|\| =2.6-r2 \|\| =2.6-r3 \|\| =2.6-r4 \|\| =2.6-r5 \|\| =2.7-r0 \|\| =2.8-r0 \|\| =2.9-r0 \|\| =2.9-r1 \|\| =2.9-r2 \|\| =2.9-r3 \|\| =2.9-r4 \|\| =2.9-r5 \|\| =2.9-r6 \|\| >=0 <2.10-r0	2.10-r0

1-10 of 18

Aliases

1. CVE-2022-233032. NVD-2022-233033. OSV-ALPINE-2022-233034. OSV-2022-233035. OSV-DEBIAN-2022-233036. SECURITY-CVE-2022-233037. SECURITY-TRACKER-CVE-2022-23303

References

1. https://github.com/web-logs2/hostapd_mirror

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.