Lucene search

[email protected]CVE-2019-11683

HistoryMay 02, 2019 - 5:29 p.m.

CVE-2019-11683

2019-05-0217:29:00

CWE-787

[email protected]

web.nvd.nist.gov

cve-2019-11683

linux kernel

udp

denial of service

memory corruption

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.4%

JSON

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the “GRO packet of death” issue.

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt5.0.13
canonical:ubuntu_linuxcanonical ubuntu linuxeq19.04

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	5.0.13
canonical:ubuntu_linux	canonical ubuntu linux	eq	19.04

References

www.openwall.com/lists/oss-security/2019/05/02/1

www.openwall.com/lists/oss-security/2019/05/05/4

www.securityfocus.com/bid/108142

cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.13

git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7CYLTCIRTKUB4R2TLLUYPZLDQL44OBG/

security.netapp.com/advisory/ntap-20190517-0002/

support.f5.com/csp/article/K69550896

usn.ubuntu.com/3979-1/

www.spinics.net/lists/netdev/msg568315.html

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.027 Low

EPSS

Percentile

90.4%

JSON

Related for CVE-2019-11683

nessus2 f51 archlinux2 fedora2 openvas3 debiancve1 prion1 ubuntucve1 redhatcve1 ubuntu1