CVE-2019-5599

EPSS 9.8%
Published 02.07.2019 21:15:11
Last modified 21.11.2024 04:45:12
Source secteam@freebsd.org
Teams watchlist Login
Open Login

In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.

Affected products Warnungen 0 Metrics 3 CWE 1 References 13

Data is provided by the National Vulnerability Database (NVD)

Freebsd ≫ Freebsd Version12.0 Update-

Freebsd ≫ Freebsd Version12.0 Updatep1

Freebsd ≫ Freebsd Version12.0 Updatep2

Freebsd ≫ Freebsd Version12.0 Updatep3

Freebsd ≫ Freebsd Version12.0 Updatep4

Freebsd ≫ Freebsd Version12.0 Updatep5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	9.8%	0.922

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	7.8	10	6.9	AV:N/AC:L/Au:N/C:N/I:N/A:C

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md

Third Party Advisory

Mitigation

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193

Third Party Advisory

https://www.kb.cert.org/vuls/id/905115

Third Party Advisory

US Government Resource

http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html

Third Party Advisory

VDB Entry

http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html