Home > Vulnerability Database > CVE-2016-10743

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2016-10743

Good to know:

Date: March 23, 2019

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

Language: C

Severity Score

7.5

Related Resources (10)

Url: http://www.openwall.com/lists/oss-security/2020/02/27/1

Url: http://seclists.org/fulldisclosure/2020/Feb/26

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-10743

Url: http://www.openwall.com/lists/oss-security/2020/02/27/2

Url: http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html

Url: https://lists.debian.org/debian-lts-announce/2019/03/msg00035.html

Url: https://usn.ubuntu.com/3944-1/

Url: https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389

Url: https://security-tracker.debian.org/tracker/CVE-2016-10743

Url: https://www.mend.io/vulnerability-database/CVE-2016-10743

Severity Score

7.5

Weakness Type (CWE)

Insufficient Entropy in PRNG

CWE-332

Top Fix

Upgrade Version

Upgrade to version 2.6

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us