8 matches found
CVE-2026-4247
CVE-2026-4247 affects FreeBSD TCP implementations (bases: 14.x, 15.x/releng) where, when a challenge ACK should be sent, tcp_respond() consumes the mbuf and can leak the mbuf if no ACK is sent. An attacker on-path or able to establish a TCP connection can craft packets that trigger a challenge AC...
FreeBSD -- TCP: remotely exploitable DoS vector (mbuf leak)
Problem Description: When a challenge ACK is to be sent, tcp_respond() constructs and sends the challenge ACK and consumes the mbuf that is passed in. When no challenge ACK should be sent, the function returns and leaks the mbuf. Impact: If an attacker is either on path with an established TCP...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001037)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001037 advisory. net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hija...
kernel: challenge ACK counter information disclosure.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the chang...
kernel: challenge ACK counter information disclosure.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the chang...
kernel: challenge ACK counter information disclosure.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the chang...
kernel: challenge ACK counter information disclosure.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the chang...
kernel: challenge ACK counter information disclosure.
It was found that the RFC 5961 challenge ACK rate limiting as implemented in the Linux kernel's networking subsystem allowed an off-path attacker to leak certain information about a given connection by creating congestion on the global challenge ACK rate limit counter and then measuring the chang...