PT-2019-17778 · Freebsd · Freebsd

Name of the Vulnerable Software and Affected Versions: FreeBSD versions 11.2-RELEASE through 11.2-RELEASE-p12 FreeBSD versions 11.3-RELEASE through 11.3-RELEASE-p1 FreeBSD versions 12.0-RELEASE through 12.0-RELEASE-p8 Description: The issue arises from the bhyve e1000 device emulation, which uses...

BSA-2019-828

Security Advisory ID : BSA-2019-828 Component : TCP SACK Revision : 2.0 An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB da...

kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size MSS of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increas...

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented, which leads to increased resource...

The vulnerability of the TCP Selective Acknowledgment mechanism in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the TCP Selective Acknowledgment mechanism in the Linux operating system arises due to a segmentation error in the retransmission queue. Exploiting this vulnerability allows an attacker to cause a service failure by sending a specially crafted sequence of SACK packets...

kernel: tcp: excessive resource consumption for TCP connections with low MSS allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP segments. If the Maximum Segment Size MSS of a TCP connection was set to low values, such as 48 bytes, it can leave as little as 8 bytes for the user data, which significantly increas...

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented, which leads to increased resource...

Kernel: tcp: integer overflow while processing SACK blocks allows remote denial of service

An integer overflow flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented. Each fragment is about TCP maximum segment size MSS...

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented, which leads to increased resource...

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented, which leads to increased resource...

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented, which leads to increased resource...

Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service

An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment SACK segments. While processing SACK segments, the Linux kernel's socket buffer SKB data structure becomes fragmented, which leads to increased resource...

UBUNTU-CVE-2019-11477

Jonathan Looney discovered that the TCPSKBCBskb-tcpgsosegs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments SACKs. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182,...

UBUNTU-CVE-2019-11478

Jonathan Looney discovered that the TCP retransmission queue implementation in tcpfragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment SACK sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel...

bind: Limiting simultaneous TCP clients is ineffective

A flaw was found in the way bind implemented tunable which limited simultaneous TCP client connections. A remote attacker could use this flaw to exhaust the pool of file descriptors available to named, potentially affecting network connections and the management of files such as log files or zone...

The vulnerability of the microprogrammed programmable logic controller Modicon, related to the use of insufficiently random values, allows a intruder to intercept TCP connections.

The vulnerability of the microprogrammed programmable logic controller Modicon is related to the use of insufficiently random values. Exploiting this vulnerability could allow a malicious actor to intercept TCP connections remotely...

The vulnerability of Cisco Firepower Threat Defense’s microprogramming software, related to resource management errors, allows attackers to trigger a service failure.

The vulnerability of Cisco Firepower Threat Defense’s microprogramming software is related to resource management errors. Exploiting this vulnerability allows a malicious actor to cause service interruptions by creating a persistent TCP traffic on ports 22 or 443...

USN-3956-2 bind9 vulnerability

USN-3956-1 fixed a vulnerability in Bind. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Bind incorrectly handled limiting the number of simultaneous TCP clients. A remote attacker could possibly use this...

CVE-2019-6612

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, 12.1.0-12.1.4, 11.6.1-11.6.3.4, and 11.5.2-11.5.8, DNS query TCP connections that are aborted before receiving a response from a DNS cache may cause TMM to restart...

CVE-2018-15462

A vulnerability in the TCP ingress handler for the data interfaces that are configured with management access to Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to cause an increase in CPU and memory usage, resulting in a denial of service DoS condition...