Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2022-23304

Related Vulnerabilities: CVE-2022-23304  

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

Source

Description

The MITRE CVE dictionary describes this issue as:

The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.

Additional Information

  • Bugzilla 2044599: CVE-2022-23304 wpa_supplicant: EAP-pwd side-channel attacks as a result of cache access patterns
  • CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel
  • FAQ: Frequently asked questions about CVE-2022-23304

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started