CVE-2019-11683

Опубликовано: 02 мая 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Средний

Описание

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.

Ссылки

http://www.openwall.com/lists/oss-security/2019/05/02/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/05/05/4
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108142
Third Party Advisory
VDB Entry
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.13
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7CYLTCIRTKUB4R2TLLUYPZLDQL44OBG/
https://security.netapp.com/advisory/ntap-20190517-0002/
Third Party Advisory
https://support.f5.com/csp/article/K69550896
Third Party Advisory
https://usn.ubuntu.com/3979-1/
Third Party Advisory
https://www.spinics.net/lists/netdev/msg568315.html
Issue Tracking
Patch
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/05/02/1
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/05/05/4
Mailing List
Third Party Advisory
http://www.securityfocus.com/bid/108142
Third Party Advisory
VDB Entry
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.13
Vendor Advisory
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37
Issue Tracking
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7CYLTCIRTKUB4R2TLLUYPZLDQL44OBG/
https://security.netapp.com/advisory/ntap-20190517-0002/
Third Party Advisory
https://support.f5.com/csp/article/K69550896
Third Party Advisory
https://usn.ubuntu.com/3979-1/
Third Party Advisory
https://www.spinics.net/lists/netdev/msg568315.html
Issue Tracking
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 5.0 (включая) до 5.0.13 (исключая)

Конфигурация 2

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

EPSS

Процентиль: 93%

0.10551

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-787

Связанные уязвимости

CVE-2019-11683

CVSS3: 9.8

ubuntu

почти 7 лет назад

CVE-2019-11683

CVSS3: 7.5

redhat

почти 7 лет назад

CVE-2019-11683

CVSS3: 9.8

debian

почти 7 лет назад

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel ...

GHSA-v8g2-q4cj-f9mh

CVSS3: 9.8

github

больше 3 лет назад

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x through 5.0.11 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.

EPSS

Процентиль: 93%

0.10551

Средний

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-787