{
  "threat_severity" : "Moderate",
  "public_date" : "2020-02-27T00:00:00Z",
  "bugzilla" : {
    "description" : "hostapd: Not preventig the use of low quality PRNG in EAP mode leads to insufficient entropy",
    "id" : "1811069",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1811069"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "draft"
  },
  "cwe" : "CWE-331",
  "details" : [ "hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-10064\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10064\nhttps://moabi.com/advisories/CVE-2019-10064.html" ],
  "name" : "CVE-2019-10064",
  "csaw" : false
}