CVE-2019-3874

Опубликовано: 25 мар. 2019

Источник: nvd

CVSS3: 5.3

CVSS3: 6.5

CVSS2: 3.3

EPSS Низкий

Описание

The SCTP socket buffer used by a userspace application is not accounted by the cgroups subsystem. An attacker can use this flaw to cause a denial of service attack. Kernel 3.10.x and 4.18.x branches are believed to be vulnerable.

Ссылки

https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190411-0003/
Third Party Advisory
https://usn.ubuntu.com/3979-1/
Third Party Advisory
https://usn.ubuntu.com/3980-1/
Third Party Advisory
https://usn.ubuntu.com/3980-2/
Third Party Advisory
https://usn.ubuntu.com/3981-1/
Third Party Advisory
https://usn.ubuntu.com/3981-2/
Third Party Advisory
https://usn.ubuntu.com/3982-1/
Third Party Advisory
https://usn.ubuntu.com/3982-2/
Third Party Advisory
https://www.oracle.com/security-alerts/cpuApr2021.html
https://access.redhat.com/errata/RHSA-2019:3309
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3517
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3874
Issue Tracking
Patch
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/09/msg00025.html
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190411-0003/
Third Party Advisory
https://usn.ubuntu.com/3979-1/
Third Party Advisory
https://usn.ubuntu.com/3980-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 3.10.1 (включая) до 3.10.108 (включая)

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Версия от 4.18.1 (включая) до 4.18.20 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

Конфигурация 5

Одно из

cpe:2.3:a:netapp:active_iq_unified_manager_for_vmware_vsphere:*:*:*:*:*:*:*:*

Версия от 9.5 (включая)

cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*

cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*

EPSS

Процентиль: 18%

0.00056

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-400

NVD-CWE-noinfo

Связанные уязвимости

CVE-2019-3874

CVSS3: 6.5

ubuntu

около 6 лет назад

CVE-2019-3874

CVSS3: 5.3

redhat

больше 6 лет назад

CVE-2019-3874

CVSS3: 6.5

debian

около 6 лет назад

The SCTP socket buffer used by a userspace application is not accounte ...

GHSA-qvwq-hwx3-6297

CVSS3: 6.5

github

около 3 лет назад

BDU:2021-01410

CVSS3: 6.5

fstec

около 6 лет назад

Уязвимость буфера сокета SCTP ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 18%

0.00056

Низкий

5.3 Medium

CVSS3

6.5 Medium

CVSS3

3.3 Low

CVSS2

Дефекты

CWE-400

NVD-CWE-noinfo