{
  "threat_severity" : "Low",
  "public_date" : "2017-10-16T00:00:00Z",
  "bugzilla" : {
    "description" : "wpa_supplicant: reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake",
    "id" : "1500302",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1500302"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-323",
  "details" : [ "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) Peer Key (TPK) during the TDLS handshake, allowing an attacker within radio range to replay, decrypt, or spoof frames.", "A new exploitation technique called key reinstallation attacks (KRACK) affecting WPA2 has been discovered. A remote attacker within Wi-Fi range could exploit this attack to decrypt Wi-Fi traffic or possibly inject forged Wi-Fi packets by reinstalling a previously used Tunneled Direct-Link Setup (TDLS) Peerkey (TPK) key during a TDLS handshake." ],
  "statement" : "This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6, as it does not support TDLS.\nThis issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 7.",
  "acknowledgement" : "Red Hat would like to thank CERT for reporting this issue. Upstream acknowledges Mathy Vanhoef (University of Leuven) as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2017-10-17T00:00:00Z",
    "advisory" : "RHSA-2017:2907",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "wpa_supplicant-1:2.6-5.el7_4.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "wpa_supplicant",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-13086\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-13086\nhttps://access.redhat.com/security/vulnerabilities/kracks\nhttps://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt\nhttps://www.krackattacks.com/" ],
  "name" : "CVE-2017-13086",
  "csaw" : false
}