CVE-2018-6922

EPSS 0.7%
Veröffentlicht 09.08.2018 18:29:00
Zuletzt bearbeitet 21.11.2024 04:11:25
Quelle secteam@freebsd.org
Teams Watchlist Login
Unerledigt Login

One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version10.4 Update-

Freebsd ≫ Freebsd Version10.4 Updatep1

Freebsd ≫ Freebsd Version10.4 Updatep3

Freebsd ≫ Freebsd Version10.4 Updatep4

Freebsd ≫ Freebsd Version10.4 Updatep5

Freebsd ≫ Freebsd Version10.4 Updatep6

Freebsd ≫ Freebsd Version10.4 Updatep7

Freebsd ≫ Freebsd Version10.4 Updatep8

Freebsd ≫ Freebsd Version10.4 Updatep9

Freebsd ≫ Freebsd Version11.1 Update-

Freebsd ≫ Freebsd Version11.1 Updatep1

Freebsd ≫ Freebsd Version11.1 Updatep11

Freebsd ≫ Freebsd Version11.1 Updatep2

Freebsd ≫ Freebsd Version11.1 Updatep4

Freebsd ≫ Freebsd Version11.1 Updatep5

Freebsd ≫ Freebsd Version11.1 Updatep6

Freebsd ≫ Freebsd Version11.1 Updatep7

Freebsd ≫ Freebsd Version11.1 Updatep9

Freebsd ≫ Freebsd Version11.2 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.7%	0.71

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html

Patch

http://www.securityfocus.com/bid/105058

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1041425

Third Party Advisory

VDB Entry

https://security.netapp.com/advisory/ntap-20180815-0002/

Third Party Advisory

https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-6922

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-6922

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-6922

EUVD