FKIE_CVE-2013-4563

Vulnerability from fkie_nvd - Published: 2013-11-20 13:19 - Updated: 2025-04-11 00:51
Severity ?
Summary
The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.
References
secalert@redhat.comhttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288eVendor Advisory
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.htmlMailing List, Third Party Advisory
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2013/11/13/9Mailing List, Patch
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2113-1Third Party Advisory
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2117-1Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1030015Issue Tracking
secalert@redhat.comhttps://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288eExploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288eVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2013/11/13/9Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2113-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2117-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1030015Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288eExploit, Patch
Impacted products
Vendor Product Version
linux linux_kernel *
linux linux_kernel *
canonical ubuntu_linux 12.04
canonical ubuntu_linux 13.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E06431E-08C2-49B3-9479-9E506C545BD5",
              "versionEndIncluding": "3.10.23",
              "versionStartIncluding": "3.9.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "98872EEB-8D10-4CF6-9592-F9CE1090365D",
              "versionEndExcluding": "3.12.4",
              "versionStartIncluding": "3.11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n udp6_ufo_fragment en net/ipv6/udp_offload.c del kernel de Linux hasta la versi\u00f3n 3.12, cuando est\u00e1 activado UDP Fragmentation Offload (UFO), no realiza adecuadamente comparaciones de cierto tama\u00f1o antes de insertar una cabecera fragmentada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (panic) a trav\u00e9s de un paquete IPv6 UDP grande, tal y como se demostr\u00f3 mediante el uso de Token Bucket Filter (TBF)."
    }
  ],
  "id": "CVE-2013-4563",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-20T13:19:41.697",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/11/13/9"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2113-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2117-1"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030015"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2013/11/13/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2113-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2117-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1030015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.