Lucene search

FreebsdCVE-2019-5611

HistoryAug 30, 2019 - 9:15 a.m.

CVE-2019-5611

2019-08-3009:15:20

CWE-20

freebsd

web.nvd.nist.gov

freebsd

cve-2019-5611

security vulnerability

kernel panic

remote denial of service

nvd

contiguous data

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.005

Percentile

76.3%

JSON

In FreeBSD 12.0-STABLE before r350828, 12.0-RELEASE before 12.0-RELEASE-p10, 11.3-STABLE before r350829, 11.3-RELEASE before 11.3-RELEASE-p3, and 11.2-RELEASE before 11.2-RELEASE-p14, a missing check in the function to arrange data in a chain of mbufs could cause data returned not to be contiguous. Extra checks in the IPv6 stack could catch the error condition and trigger a kernel panic, leading to a remote denial of service.

Affected configurations

Nvd

Node

freebsdfreebsdMatch11.2-

freebsdfreebsdMatch11.2p10

freebsdfreebsdMatch11.2p11

freebsdfreebsdMatch11.2p12

freebsdfreebsdMatch11.2p13

freebsdfreebsdMatch11.2p2

freebsdfreebsdMatch11.2p3

freebsdfreebsdMatch11.2p4

freebsdfreebsdMatch11.2p5

freebsdfreebsdMatch11.2p6

freebsdfreebsdMatch11.2p7

freebsdfreebsdMatch11.2p8

freebsdfreebsdMatch11.2p9

freebsdfreebsdMatch11.3

freebsdfreebsdMatch11.3-

freebsdfreebsdMatch11.3p1

freebsdfreebsdMatch11.3p2

freebsdfreebsdMatch11.3p3

freebsdfreebsdMatch12.0-

freebsdfreebsdMatch12.0p1

freebsdfreebsdMatch12.0p3

freebsdfreebsdMatch12.0p4

freebsdfreebsdMatch12.0p5

freebsdfreebsdMatch12.0p8

Node

netappclustered_data_ontapMatch-

VendorProductVersionCPE
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p12:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*
freebsdfreebsd11.2cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*

Vendor	Product	Version	CPE
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:-::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p10::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p11::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p12::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p13::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p2::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p3::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p4::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p5::::::
freebsd	freebsd	11.2	cpe:2.3:o:freebsd:freebsd:11.2:p6::::::

Rows per page:

1-10 of 251

CNA Affected

[
  {
    "product": "FreeBSD",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "12.0-RELEASE before 12.0-RELEASE-p10"
      },
      {
        "status": "affected",
        "version": "11.3-RELEASE before 11.3-RELEASE-p3"
      },
      {
        "status": "affected",
        "version": "11.2-RELEASE before 11.2-RELEASE-p14"
      }
    ]
  }
]

References

packetstormsecurity.com/files/154170/FreeBSD-Security-Advisory-FreeBSD-SA-19-22.mbuf.html

seclists.org/bugtraq/2019/Aug/33

security.FreeBSD.org/advisories/FreeBSD-SA-19:22.mbuf.asc

security.netapp.com/advisory/ntap-20190910-0002/

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.2

Confidence

High

EPSS

0.005

Percentile

76.3%

JSON

Related for CVE-2019-5611