Executive Summary



This alert is flagged as one of the CWE/SANS Top 25 Common Weakness Enumeration entries.
Information

Name : CVE-2019-11477
First vendor publication : 2019-06-18
Vendor : Cve
Last vendor modification : 2019-06-20

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Cvss Base Score : 7.8
Cvss Impact Score : 6.9
Cvss Exploit Score : 10
Attack Range : Network
Attack Complexity : Low
Authentication : None Required

Detail

Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11477

CWE : Common Weakness Enumeration

% | id | Name
100 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type | Description | Count
Application | | 44
Application | | 45
Application | | 45
Application | | 45
Application | | 45
Application | | 45
Application | | 45
Application | | 45
Application | | 44
Application | | 45
Application | | 45
Application | | 45
Application | | 44
Application | | 2
Application | | 1
Application | | 1
Application | | 1
Application | | 1
Application | | 1
Os | | 6
Os | | 2953
Os | | 4
Os | | 2
Os | | 2
Os | | 1

Sources (Detail)

Source | Url
CERT-VN https://www.kb.cert.org/vuls/id/905115
CONFIRM http://www.vmware.com/security/advisories/VMSA-2019-0010.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193
https://kc.mcafee.com/corporate/index?page=content&id=SB10287
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006
https://security.netapp.com/advisory/ntap-20190625-0001/
https://support.f5.com/csp/article/K78234183
https://www.synology.com/security/advisory/Synology_SA_19_28
MISC http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice...
https://access.redhat.com/security/vulnerabilities/tcpsack
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b49...
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-pa...
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic
MLIST http://www.openwall.com/lists/oss-security/2019/06/20/3
http://www.openwall.com/lists/oss-security/2019/06/28/2
http://www.openwall.com/lists/oss-security/2019/07/06/3
http://www.openwall.com/lists/oss-security/2019/07/06/4
REDHAT https://access.redhat.com/errata/RHSA-2019:1594
https://access.redhat.com/errata/RHSA-2019:1602
https://access.redhat.com/errata/RHSA-2019:1699

Alert History

Date | Information
2019-07-09 01:10:28
  • Multiple Updates
2019-07-07 12:01:01
  • Multiple Updates
2019-07-03 12:10:21
  • Multiple Updates
2019-07-02 15:39:59
  • Multiple Updates
2019-06-29 05:19:32
  • Multiple Updates
2019-06-28 13:19:17
  • Multiple Updates
2019-06-27 09:19:09
  • Multiple Updates
2019-06-26 05:19:12
  • Multiple Updates
2019-06-25 17:19:17
  • Multiple Updates
2019-06-25 13:19:22
  • Multiple Updates
2019-06-21 05:19:09
  • Multiple Updates
2019-06-20 21:19:31
  • Multiple Updates
2019-06-20 05:19:16
  • Multiple Updates
2019-06-20 00:19:09
  • Multiple Updates
2019-06-19 17:20:07
  • Multiple Updates
2019-06-19 09:19:33
  • First insertion