gsd-2019-11477
Vulnerability from gsd
Modified
2023-12-13 01:24
Details
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2019-11477", "description": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.", "id": "GSD-2019-11477", "references": [ "https://www.suse.com/security/cve/CVE-2019-11477.html", "https://www.debian.org/security/2019/dsa-4465", "https://access.redhat.com/errata/RHSA-2019:1699", "https://access.redhat.com/errata/RHSA-2019:1602", "https://access.redhat.com/errata/RHSA-2019:1594", "https://access.redhat.com/errata/RHSA-2019:1490", "https://access.redhat.com/errata/RHSA-2019:1489", "https://access.redhat.com/errata/RHSA-2019:1488", "https://access.redhat.com/errata/RHSA-2019:1487", "https://access.redhat.com/errata/RHSA-2019:1486", "https://access.redhat.com/errata/RHSA-2019:1485", "https://access.redhat.com/errata/RHSA-2019:1484", "https://access.redhat.com/errata/RHSA-2019:1483", "https://access.redhat.com/errata/RHSA-2019:1482", "https://access.redhat.com/errata/RHSA-2019:1481", "https://access.redhat.com/errata/RHSA-2019:1480", "https://access.redhat.com/errata/RHSA-2019:1479", "https://ubuntu.com/security/CVE-2019-11477", "https://advisories.mageia.org/CVE-2019-11477.html", "https://security.archlinux.org/CVE-2019-11477", "https://alas.aws.amazon.com/cve/html/CVE-2019-11477.html", "https://linux.oracle.com/cve/CVE-2019-11477.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2019-11477" ], "details": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.", "id": "GSD-2019-11477", "modified": "2023-12-13T01:24:02.386478Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "AKA": "SACK Panic", "ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", "ID": "CVE-2019-11477", "STATE": "PUBLIC", "TITLE": "Integer overflow in TCP_SKB_CB(skb)-\u003etcp_gso_segs" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Linux kernel", "version": { "version_data": [ { "version_affected": "\u003c", "version_name": "4.4", "version_value": "4.4.182" }, { "version_affected": "\u003c", "version_name": "4.9", "version_value": "4.9.182" }, { "version_affected": "\u003c", "version_name": "4.14", "version_value": "4.14.127" }, { "version_affected": "\u003c", "version_name": "4.19", "version_value": "4.19.52" }, { "version_affected": "\u003c", "version_name": "5.1", "version_value": "5.1.11" } ] } } ] }, "vendor_name": "Linux" } ] } }, "credit": [ { "lang": "eng", "value": "Jonathan Looney from Netflix" } ], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." } ] }, "generator": { "engine": "Vulnogram 0.0.7" }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-190 Integer Overflow or Wraparound" } ] } ] }, "references": { "reference_data": [ { "name": "VU#905115", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/905115" }, { "name": "[oss-security] 20190620 Re: Linux and FreeBSD Kernel: Multiple TCP-based remote denial of service issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3" }, { "name": "RHSA-2019:1594", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "name": "RHSA-2019:1602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "name": "RHSA-2019:1699", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { "name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", "refsource": "MISC", "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "name": "https://access.redhat.com/security/vulnerabilities/tcpsack", "refsource": "MISC", "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "name": "https://support.f5.com/csp/article/K78234183", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K78234183" }, { "name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "name": "https://www.synology.com/security/advisory/Synology_SA_19_28", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "name": "https://security.netapp.com/advisory/ntap-20190625-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" }, { "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" }, { "name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en", "refsource": "CONFIRM", "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" }, { "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" } ] }, "source": { "advisory": "https://usn.ubuntu.com/4017-1", "defect": [ "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831637" ], "discovery": "UNKNOWN" } }, "nvd.nist.gov": { "cve": { "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "190D94DD-9CDB-413B-9A15-BFBDB1BB127C", "versionEndExcluding": "3.16.69", "versionStartIncluding": "2.6.29", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "D641CA66-86A4-4172-9D98-206C31578C5E", "versionEndExcluding": "4.4.182", "versionStartIncluding": "3.17", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "966342A3-015F-4BCC-A513-335362A79A26", "versionEndExcluding": "4.9.182", "versionStartIncluding": "4.5", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A632572-BC71-422E-B953-346709BA1658", "versionEndExcluding": "4.14.127", "versionStartIncluding": "4.10", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C91C6131-9445-46E6-960B-76E8A34DC7E4", "versionEndExcluding": "4.19.52", "versionStartIncluding": "4.15", "vulnerable": true }, { "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5", "versionEndExcluding": "5.1.11", "versionStartIncluding": "4.20", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "33AF102E-2851-45B5-8C71-B393F34D4591", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E4EA2A9-C197-40D4-A6AE-A64D69536F99", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A057B236-8B7C-430D-B107-8FF96D132E73", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D7877E8-E50F-4DC6-867D-C19A8DB533E3", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "899BE6FE-B23F-4236-8A5E-B41AFF28E533", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "66FC8C37-629D-4FBA-9C79-615BDDCF7837", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "66FCB095-3E70-472A-AB9D-60F001F3A539", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "42EBAE78-C03E-42C9-AC2D-D654A8DF8516", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "75D817B1-EC06-4180-B272-067299818B09", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E3A4646-9AAA-445E-A08F-226D41485DC2", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "255D11E3-F502-45CD-8958-5989F179574E", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E72B035F-97C1-41C6-B424-F3929B9D7A99", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E058E775-EAAA-46DF-9F3D-A8D042AAFD88", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A57948-C53A-4CD0-801B-7E801D08E112", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F367EED9-1F71-4720-BE53-3074FF6049C9", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "20BF15AA-1183-489E-A24A-FFB5BFD84664", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "83B684D2-5889-41EA-B54A-8E7AF43DA647", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A258E-4F20-4C3C-8269-CD7554539EC6", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "442A56A6-935D-427A-8562-144DD770E317", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DA668DC-EFB6-44C3-8521-47BB9F474DD1", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23EFF81-0FF4-4B4A-BAC3-85EC62230099", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "24AB3C9F-77E5-4D87-A9C1-366B087E7F68", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "24904D5C-58FF-49B0-B598-F798BAD110E6", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "639FCD86-C487-40DD-9840-8931FAF5DF3A", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "1117B40B-36E7-4205-82B0-52B4862A6D03", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "12F0D363-0DE8-4E32-9187-D7ACA0868BD8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB112ABE-C07E-480F-8042-6321E602183D", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A751827-1169-408E-BCE6-A129BDDB489D", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "428C4BEA-AFDA-45EC-9D5F-DDF409461C33", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "717C0443-3E88-4814-8D4A-F0C067176228", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3879431-2E02-4B6C-BB4F-C2FF631A0974", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "7865E258-CDA0-43A5-9945-81E07BF11A82", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAECED76-81A2-4A0C-8C2E-24C235BB32DE", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDC38EF1-6210-40A1-88FC-964C470E41BA", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B572C267-AF06-4270-8FDC-18EBDDED7879", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "88B12CA1-E853-4898-8A06-F991BE19A27A", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C98DCCF-2D89-4C05-A0AE-60CF8228B860", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B439DE9D-6A09-4487-82A4-E75A57717CAB", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "19428E8B-18C2-413A-A3C0-AC6AB9F952F2", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "6166E0DB-2BA5-454D-ABBC-9E4916436A44", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "F42F4AF6-4BCC-497E-A889-0BBCA965CB32", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF483911-003B-470B-A12B-85EF34A50469", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "79191794-6151-46E9-AAFD-3EC0C05B03B1", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "893A7EE9-495D-405A-B809-39DC80778B2A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D046F5-FF1A-41A7-8EDE-2C93E335906E", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053", "vulnerable": true }, { "criteria": "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700", "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "descriptions": [ { "lang": "en", "value": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." }, { "lang": "es", "value": "Jonathan Looney detect\u00f3 que el valor TCP_SKB_CB(skb)-mayor que tcp_gso_segs estuvo sujeto a un desbordamiento de enteros en el kernel de Linux durante el manejo del Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podr\u00eda usar esto para causar una denegaci\u00f3n de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff." } ], "id": "CVE-2019-11477", "lastModified": "2024-02-27T21:04:17.560", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security@ubuntu.com", "type": "Secondary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2019-06-19T00:15:12.640", "references": [ { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20191225-01-kernel-en" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/20/3" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1594" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1602" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:1699" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf" }, { "source": "security@ubuntu.com", "tags": [ "Mailing List", "Patch", "Vendor Advisory" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=3b4929f65b0d8249f19a50245cd88ed1a2f78cff" }, { "source": "security@ubuntu.com", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10287" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0006" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://support.f5.com/csp/article/K78234183" }, { "source": "security@ubuntu.com", "tags": [ "Mitigation", "Third Party Advisory" ], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/905115" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28" }, { "source": "security@ubuntu.com", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03" } ], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "security@ubuntu.com", "type": "Secondary" } ] } } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.