{"id":"CVE-2019-10064","details":"hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.","modified":"2026-07-08T05:53:21.673608059Z","published":"2020-02-28T15:15:11.993Z","database_specific":{"unresolved_ranges":[{"vendor_product":"debian:debian_linux","cpes":["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"8.0"},{"last_affected":"8.0"},{"introduced":"9.0"},{"last_affected":"9.0"}],"source":"CPE_STRING"}]},"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2020/02/27/2"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00010.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2020/08/msg00013.html"},{"type":"FIX","url":"https://w1.fi/cgit/hostap/commit/?id=98a516eae8260e6fd5c48ddecf8d006285da7389"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/156573/Hostapd-Insufficient-Entropy.html"},{"type":"EVIDENCE","url":"http://seclists.org/fulldisclosure/2020/Feb/26"},{"type":"EVIDENCE","url":"http://www.openwall.com/lists/oss-security/2020/02/27/1"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.w1.fi/cgit/hostap","events":[{"introduced":"0"},{"fixed":"2462f347bca0a7cce7e06ff88adbe3aa47c52d54"},{"fixed":"98a516eae8260e6fd5c48ddecf8d006285da7389"}],"database_specific":{"cpe":"cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.6"}],"source":["CPE_RANGE","REFERENCES"]}}],"versions":["hostap_2_5","hostap_2_4","hostap_2_3","hostap_2_2","hostap_2_1","aosp-kk-from-upstream","hostap_2_0","aosp-jb-start","hostap-1-bp","hostap_0_7_2","hostap_0_7_1","hostap_0_7_0","hostap_0_6_7","hostap_0_6_6","hostap_0_6_5","hostap_0_6_4","hostap_0_6_3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10064.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}