Lucene search

K
cveMitreCVE-2019-18805
HistoryNov 07, 2019 - 2:15 p.m.

CVE-2019-18805

2019-11-0714:15:11
CWE-190
mitre
web.nvd.nist.gov
188
cve-2019-18805
linux kernel
net/ipv4
denial of service
integer overflow
tcp_ack_update_rtt
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.007

Percentile

80.4%

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

Affected configurations

Nvd
Node
linuxlinux_kernelRange4.44.4.180
OR
linuxlinux_kernelRange4.94.9.172
OR
linuxlinux_kernelRange4.144.14.115
OR
linuxlinux_kernelRange4.194.19.38
OR
linuxlinux_kernelRange5.05.0.11
OR
linuxlinux_kernelMatch5.1rc1
OR
linuxlinux_kernelMatch5.1rc2
OR
linuxlinux_kernelMatch5.1rc3
OR
linuxlinux_kernelMatch5.1rc4
OR
linuxlinux_kernelMatch5.1rc5
OR
linuxlinux_kernelMatch5.1rc6
OR
linuxlinux_kernelMatch5.1rc7
Node
opensuseleapMatch15.0
OR
opensuseleapMatch15.1
Node
redhatenterprise_linuxMatch7.0
Node
netappactive_iq_unified_managerMatch-vmware_vsphere
OR
netappdata_availability_servicesMatch-
OR
netappe-series_santricity_os_controllerRange11.0.011.60.3
OR
netapphci_management_nodeMatch-
OR
netappsolidfireMatch-
OR
netappsteelstore_cloud_integrated_storageMatch-
OR
netapphci_compute_nodeMatch-
OR
netapphci_storage_nodeMatch-
OR
broadcomfabric_operating_systemMatch-
Node
netappaff_a700sMatch-
AND
netappaff_a700s_firmwareMatch-
Node
netappfas8300Match-
AND
netappfas8300_firmwareMatch-
Node
netappfas8700Match-
AND
netappfas8700_firmwareMatch-
Node
netappaff_a400Match-
AND
netappaff_a400_firmwareMatch-
Node
netapph610sMatch-
AND
netapph610s_firmwareMatch-
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel5.1cpe:2.3:o:linux:linux_kernel:5.1:rc1:*:*:*:*:*:*
linuxlinux_kernel5.1cpe:2.3:o:linux:linux_kernel:5.1:rc2:*:*:*:*:*:*
linuxlinux_kernel5.1cpe:2.3:o:linux:linux_kernel:5.1:rc3:*:*:*:*:*:*
linuxlinux_kernel5.1cpe:2.3:o:linux:linux_kernel:5.1:rc4:*:*:*:*:*:*
linuxlinux_kernel5.1cpe:2.3:o:linux:linux_kernel:5.1:rc5:*:*:*:*:*:*
linuxlinux_kernel5.1cpe:2.3:o:linux:linux_kernel:5.1:rc6:*:*:*:*:*:*
linuxlinux_kernel5.1cpe:2.3:o:linux:linux_kernel:5.1:rc7:*:*:*:*:*:*
opensuseleap15.0cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Rows per page:
1-10 of 301

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.007

Percentile

80.4%