Lucene search

K

Ubuntu.comUB:CVE-2013-4563

HistoryNov 20, 2013 - 12:00 a.m.

CVE-2013-4563

2013-11-2000:00:00

ubuntu.com

ubuntu.com

18

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

86.6%

The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux
kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does
not properly perform a certain size comparison before inserting a fragment
header, which allows remote attackers to cause a denial of service (panic)
via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket
Filter (TBF) queueing discipline.

Bugs

<https://launchpad.net/bugs/1254894>

OSVersionArchitecturePackageVersionFilename
ubuntu13.10noarchlinux< 3.11.0-17.31UNKNOWN
ubuntu12.04noarchlinux-lts-saucy< 3.11.0-17.31~precise1UNKNOWN

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0e033e04c2678dbbe74a46b23fffb7bb918c288e

www.openwall.com/lists/oss-security/2013/11/13/9

bugzilla.redhat.com/show_bug.cgi?id=1030015

github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e

launchpad.net/bugs/cve/CVE-2013-4563

nvd.nist.gov/vuln/detail/CVE-2013-4563

security-tracker.debian.org/tracker/CVE-2013-4563

ubuntu.com/security/notices/USN-2113-1

ubuntu.com/security/notices/USN-2117-1

www.cve.org/CVERecord?id=CVE-2013-4563

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

0.015 Low

EPSS

Percentile

86.6%

Related for UB:CVE-2013-4563

nessus9 fedora24 checkpoint_advisories1 cve1 debiancve1 prion1 openvas42 suse1 ubuntu2