{"containers": {"cna": {"affected": [{"product": "Linux kernel", "vendor": "Linux", "versions": [{"lessThan": "4.4.182", "status": "affected", "version": "4.4", "versionType": "custom"}, {"lessThan": "4.9.182", "status": "affected", "version": "4.9", "versionType": "custom"}, {"lessThan": "4.14.127", "status": "affected", "version": "4.14", "versionType": "custom"}, {"lessThan": "4.19.52", "status": "affected", "version": "4.19", "versionType": "custom"}, {"lessThan": "5.1.11", "status": "affected", "version": "5.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Jonathan Looney from Netflix"}], "datePublic": "2019-06-17T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-770", "description": "CWE-770 Allocation of Resources Without Limits or Throttling", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T21:14:56.000Z", "orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "shortName": "canonical"}, "references": [{"name": "VU#905115", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/905115"}, {"name": "RHSA-2019:1594", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1594"}, {"name": "RHSA-2019:1602", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1602"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"}, {"name": "RHSA-2019:1699", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1699"}, {"name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"}, {"tags": ["x_refsource_MISC"], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"}, {"tags": ["x_refsource_MISC"], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"}, {"tags": ["x_refsource_MISC"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K26618426"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"}], "source": {"advisory": "https://usn.ubuntu.com/4017-1", "defect": ["https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638"], "discovery": "UNKNOWN"}, "title": "SACK can cause extensive memory use via fragmented resend queue", "x_generator": {"engine": "Vulnogram 0.0.7"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@ubuntu.com", "DATE_PUBLIC": "2019-06-17T00:00:00.000Z", "ID": "CVE-2019-11478", "STATE": "PUBLIC", "TITLE": "SACK can cause extensive memory use via fragmented resend queue"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Linux kernel", "version": {"version_data": [{"version_affected": "<", "version_name": "4.4", "version_value": "4.4.182"}, {"version_affected": "<", "version_name": "4.9", "version_value": "4.9.182"}, {"version_affected": "<", "version_name": "4.14", "version_value": "4.14.127"}, {"version_affected": "<", "version_name": "4.19", "version_value": "4.19.52"}, {"version_affected": "<", "version_name": "5.1", "version_value": "5.1.11"}]}}]}, "vendor_name": "Linux"}]}}, "credit": [{"lang": "eng", "value": "Jonathan Looney from Netflix"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."}]}, "generator": {"engine": "Vulnogram 0.0.7"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-770 Allocation of Resources Without Limits or Throttling"}]}]}, "references": {"reference_data": [{"name": "VU#905115", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/905115"}, {"name": "RHSA-2019:1594", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1594"}, {"name": "RHSA-2019:1602", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1602"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"}, {"name": "RHSA-2019:1699", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1699"}, {"name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"name": "https://www.oracle.com/security-alerts/cpujan2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"name": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md", "refsource": "MISC", "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"}, {"name": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic", "refsource": "MISC", "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"}, {"name": "https://access.redhat.com/security/vulnerabilities/tcpsack", "refsource": "MISC", "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"}, {"name": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"}, {"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193", "refsource": "CONFIRM", "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"}, {"name": "https://www.synology.com/security/advisory/Synology_SA_19_28", "refsource": "CONFIRM", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"}, {"name": "https://security.netapp.com/advisory/ntap-20190625-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"}, {"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287"}, {"name": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"}, {"name": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03", "refsource": "MISC", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"}, {"name": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"}, {"name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"}, {"name": "https://support.f5.com/csp/article/K26618426", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K26618426"}, {"name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007", "refsource": "CONFIRM", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"}, {"name": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"}]}, "source": {"advisory": "https://usn.ubuntu.com/4017-1", "defect": ["https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1831638"], "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:40.767Z"}, "title": "CVE Program Container", "references": [{"name": "VU#905115", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/905115"}, {"name": "RHSA-2019:1594", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1594"}, {"name": "RHSA-2019:1602", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1602"}, {"name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"}, {"name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"}, {"name": "RHSA-2019:1699", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1699"}, {"name": "20190722 [SECURITY] [DSA 4484-1] linux security update", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"name": "[oss-security] 20191023 Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"name": "[oss-security] 20191029 Re: Membership application for linux-distros - VMware", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K26618426"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"}]}]}, "cveMetadata": {"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc", "assignerShortName": "canonical", "cveId": "CVE-2019-11478", "datePublished": "2019-06-18T23:34:51.077Z", "dateReserved": "2019-04-23T00:00:00.000Z", "dateUpdated": "2024-09-16T23:45:54.779Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "17F8005D-23A1-4666-B194-18D895721E7A", "versionEndExcluding": "4.4.182", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "966342A3-015F-4BCC-A513-335362A79A26", "versionEndExcluding": "4.9.182", "versionStartIncluding": "4.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A632572-BC71-422E-B953-346709BA1658", "versionEndExcluding": "4.14.127", "versionStartIncluding": "4.10", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "C91C6131-9445-46E6-960B-76E8A34DC7E4", "versionEndExcluding": "4.19.52", "versionStartIncluding": "4.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E0E372D7-8DD5-45E7-9C26-CF389B1A09A5", "versionEndExcluding": "5.1.11", "versionStartIncluding": "4.20", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "33AF102E-2851-45B5-8C71-B393F34D4591", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E4EA2A9-C197-40D4-A6AE-A64D69536F99", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A3215E6-7223-4AF1-BFD3-BD8AE9B6B572", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "720A06E3-441B-4D51-8FC0-D569DD7FEB10", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FF1C75A-F753-40CB-9E26-DA6D31931DDC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "A057B236-8B7C-430D-B107-8FF96D132E73", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D7877E8-E50F-4DC6-867D-C19A8DB533E3", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "899BE6FE-B23F-4236-8A5E-B41AFF28E533", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEBAD7C4-AC37-463F-B63C-6EAD5542F2A0", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C046FBE7-DCCD-40FE-AC1F-4DAD11D2E0AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "66FC8C37-629D-4FBA-9C79-615BDDCF7837", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "66FCB095-3E70-472A-AB9D-60F001F3A539", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA39C4F5-4D97-4B0B-8DA9-780F7ACF0A74", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2833083-97E9-4B3C-8E6B-BCAC1851D148", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C7C45A-CC14-4092-903C-3001986D2859", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "42EBAE78-C03E-42C9-AC2D-D654A8DF8516", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "75D817B1-EC06-4180-B272-067299818B09", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "0E3A4646-9AAA-445E-A08F-226D41485DC2", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "09C950E6-BF12-43D4-9125-AD9D90EDD67A", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "1A99DC2F-BFC7-4FEA-87DF-5E9DF428F2D3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "255D11E3-F502-45CD-8958-5989F179574E", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E72B035F-97C1-41C6-B424-F3929B9D7A99", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "E058E775-EAAA-46DF-9F3D-A8D042AAFD88", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AD3B4BB-7F5C-4565-9345-2D4895630AAD", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B872A0D5-9B23-40F2-8AAB-253A4F406D18", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "10A57948-C53A-4CD0-801B-7E801D08E112", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "F367EED9-1F71-4720-BE53-3074FF6049C9", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "20BF15AA-1183-489E-A24A-FFB5BFD84664", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "83B684D2-5889-41EA-B54A-8E7AF43DA647", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "45D0AF1B-9106-4C38-B1A2-87FC189ADBAB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8E4A258E-4F20-4C3C-8269-CD7554539EC6", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A5E9908-C959-48FD-8FAC-C0FE329E6FD8", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "442A56A6-935D-427A-8562-144DD770E317", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "6434ED4F-0BA2-445A-B6E9-D3E301EE3930", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "2C2A9F32-FF72-44AA-AA1A-5B09E8E57E24", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DA668DC-EFB6-44C3-8521-47BB9F474DD1", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C23EFF81-0FF4-4B4A-BAC3-85EC62230099", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "24AB3C9F-77E5-4D87-A9C1-366B087E7F68", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D17CC587-3325-4D95-BE63-B948C63B411D", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FB6D7D8-2688-48A2-8E3E-341881EF0B4C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "24904D5C-58FF-49B0-B598-F798BAD110E6", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE11CCA1-58BF-462E-A0DE-49F3BC1C5499", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "639FCD86-C487-40DD-9840-8931FAF5DF3A", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "1117B40B-36E7-4205-82B0-52B4862A6D03", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "12F0D363-0DE8-4E32-9187-D7ACA0868BD8", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB112ABE-C07E-480F-8042-6321E602183D", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A751827-1169-408E-BCE6-A129BDDB489D", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "428C4BEA-AFDA-45EC-9D5F-DDF409461C33", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "717C0443-3E88-4814-8D4A-F0C067176228", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C3879431-2E02-4B6C-BB4F-C2FF631A0974", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "7865E258-CDA0-43A5-9945-81E07BF11A82", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "CAECED76-81A2-4A0C-8C2E-24C235BB32DE", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDC38EF1-6210-40A1-88FC-964C470E41BA", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "713EB3E7-A657-4F6A-901D-618AF660CBBC", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "EACA0835-51AD-4AC0-8C87-5564F3A821CD", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B572C267-AF06-4270-8FDC-18EBDDED7879", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "88B12CA1-E853-4898-8A06-F991BE19A27A", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C98DCCF-2D89-4C05-A0AE-60CF8228B860", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "B439DE9D-6A09-4487-82A4-E75A57717CAB", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CA4F1CFB-0FD9-4AEB-BF25-093115F9D891", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "19428E8B-18C2-413A-A3C0-AC6AB9F952F2", "versionEndIncluding": "11.6.4", "versionStartIncluding": "11.5.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "6166E0DB-2BA5-454D-ABBC-9E4916436A44", "versionEndIncluding": "12.1.4", "versionStartIncluding": "12.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "F42F4AF6-4BCC-497E-A889-0BBCA965CB32", "versionEndIncluding": "13.1.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "AEC2164D-11D0-4DCD-B814-6AB185C3BADF", "versionEndIncluding": "14.1.0", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "AA4AE425-1D86-4DB9-8B8F-74C6678BD528", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*", "matchCriteriaId": "CD783B0C-9246-47D9-A937-6144FE8BFF0F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:*", "matchCriteriaId": "AF483911-003B-470B-A12B-85EF34A50469", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*", "matchCriteriaId": "79191794-6151-46E9-AAFD-3EC0C05B03B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "893A7EE9-495D-405A-B809-39DC80778B2A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C60FA8B1-1802-4522-A088-22171DCF7A93", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*", "matchCriteriaId": "97D046F5-FF1A-41A7-8EDE-2C93E335906E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*", "matchCriteriaId": "C1C8792C-1CF0-450B-A8BD-2B5274156053", "vulnerable": true}, {"criteria": "cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "B3CCBFDE-C2FA-40E3-AA44-0EB0A6861BD4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700", "versionEndIncluding": "5.1.0", "versionStartIncluding": "5.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e."}, {"lang": "es", "value": "Jonathan Looney descubri\u00f3 que la implementaci\u00f3n de la cola de retransmisi\u00f3n de TCP en tcp_fragment en el kernel de Linux podr\u00eda estar fragmentada cuando se manejan ciertas secuencias de Reconocimiento Selectivo (SACK) de TCP. Un atacante remoto podr\u00eda usar esto para causar una denegaci\u00f3n de servicio. Esto se ha corregido en versiones de kernel estables 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, y se corrige en el commit f070ef2ac66716357066b683fb0baf55f8191a2e."}], "id": "CVE-2019-11478", "lastModified": "2024-11-21T04:21:09.703", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security@ubuntu.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-19T00:15:12.687", "references": [{"source": "security@ubuntu.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"}, {"source": "security@ubuntu.com", "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"}, {"source": "security@ubuntu.com", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"source": "security@ubuntu.com", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"source": "security@ubuntu.com", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"source": "security@ubuntu.com", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"}, {"source": "security@ubuntu.com", "url": "https://access.redhat.com/errata/RHSA-2019:1594"}, {"source": "security@ubuntu.com", "url": "https://access.redhat.com/errata/RHSA-2019:1602"}, {"source": "security@ubuntu.com", "url": "https://access.redhat.com/errata/RHSA-2019:1699"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"}, {"source": "security@ubuntu.com", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"}, {"source": "security@ubuntu.com", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"}, {"source": "security@ubuntu.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"}, {"source": "security@ubuntu.com", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287"}, {"source": "security@ubuntu.com", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"}, {"source": "security@ubuntu.com", "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"source": "security@ubuntu.com", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"}, {"source": "security@ubuntu.com", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K26618426"}, {"source": "security@ubuntu.com", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"}, {"source": "security@ubuntu.com", "url": "https://www.kb.cert.org/vuls/id/905115"}, {"source": "security@ubuntu.com", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "security@ubuntu.com", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "security@ubuntu.com", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"}, {"source": "security@ubuntu.com", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153346/Kernel-Live-Patch-Security-Notice-LSN-0052-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/154408/Kernel-Live-Patch-Security-Notice-LSN-0055-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://packetstormsecurity.com/files/154951/Kernel-Live-Patch-Security-Notice-LSN-0058-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2020-010.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/10/24/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2019/10/29/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2019-0010.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1594"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1602"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1699"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/vulnerabilities/tcpsack"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-462066.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=f070ef2ac66716357066b683fb0baf55f8191a2e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10287"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2019-0007"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://seclists.org/bugtraq/2019/Jul/30"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20190625-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.f5.com/csp/article/K26618426"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SACKPanic"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/905115"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujan2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.synology.com/security/advisory/Synology_SA_19_28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.us-cert.gov/ics/advisories/icsa-19-253-03"}], "sourceIdentifier": "security@ubuntu.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-770"}], "source": "security@ubuntu.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Jonathan Looney (Netflix Information Security) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2019:1488", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-754.15.3.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1490", "cpe": "cpe:/o:redhat:rhel_aus:6.5", "package": "kernel-0:2.6.32-431.95.3.el6", "product_name": "Red Hat Enterprise Linux 6.5 Advanced Update Support", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1489", "cpe": "cpe:/o:redhat:rhel_aus:6.6", "package": "kernel-0:2.6.32-504.79.3.el6", "product_name": "Red Hat Enterprise Linux 6.6 Advanced Update Support", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1486", "cpe": "cpe:/a:redhat:rhel_extras_rt:7", "package": "kernel-rt-0:3.10.0-957.21.3.rt56.935.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1481", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-0:3.10.0-957.21.3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1602", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "kernel-alt-0:4.14.0-115.8.2.el7a", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2019-06-25T00:00:00Z"}, {"advisory": "RHSA-2019:1485", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "kernel-0:3.10.0-327.79.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1485", "cpe": "cpe:/o:redhat:rhel_tus:7.2", "package": "kernel-0:3.10.0-327.79.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Telco Extended Update Support", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1485", "cpe": "cpe:/o:redhat:rhel_e4s:7.2", "package": "kernel-0:3.10.0-327.79.2.el7", "product_name": "Red Hat Enterprise Linux 7.2 Update Services for SAP Solutions", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1484", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "kernel-0:3.10.0-514.66.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1484", "cpe": "cpe:/o:redhat:rhel_tus:7.3", "package": "kernel-0:3.10.0-514.66.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Telco Extended Update Support", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1484", "cpe": "cpe:/o:redhat:rhel_e4s:7.3", "package": "kernel-0:3.10.0-514.66.2.el7", "product_name": "Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1483", "cpe": "cpe:/o:redhat:rhel_eus:7.4", "package": "kernel-0:3.10.0-693.50.3.el7", "product_name": "Red Hat Enterprise Linux 7.4 Extended Update Support", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1482", "cpe": "cpe:/o:redhat:rhel_eus:7.5", "package": "kernel-0:3.10.0-862.34.2.el7", "product_name": "Red Hat Enterprise Linux 7.5 Extended Update Support", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1480", "cpe": "cpe:/a:redhat:enterprise_linux:8::nfv", "package": "kernel-rt-0:4.18.0-80.4.2.rt9.152.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1479", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "kernel-0:4.18.0-80.4.2.el8_0", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1487", "cpe": "cpe:/a:redhat:enterprise_mrg:2:server:el6", "package": "kernel-rt-1:3.10.0-693.50.3.rt56.644.el6rt", "product_name": "Red Hat Enterprise MRG 2", "release_date": "2019-06-17T00:00:00Z"}, {"advisory": "RHSA-2019:1594", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.2-11.1.el7", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-06-25T00:00:00Z"}, {"advisory": "RHSA-2019:1594", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.2-20190618.0.el7_6", "product_name": "Red Hat Virtualization 4.2 for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-06-25T00:00:00Z"}, {"advisory": "RHSA-2019:1699", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-release-virtualization-host-0:4.3.4-1.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-07-08T00:00:00Z"}, {"advisory": "RHSA-2019:1699", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "package": "redhat-virtualization-host-0:4.3.4-20190620.3.el7_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2019-07-08T00:00:00Z"}], "bugzilla": {"description": "Kernel: tcp: excessive resource consumption while processing SACK blocks allows remote denial of service", "id": "1719128", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1719128"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.", "An excessive resource consumption flaw was found in the way the Linux kernel's networking subsystem processed TCP Selective Acknowledgment (SACK) segments. While processing SACK segments, the Linux kernel's socket buffer (SKB) data structure becomes fragmented, which leads to increased resource utilization to traverse and process these fragments as further SACK segments are received on the same TCP connection. A remote attacker could use this flaw to cause a denial of service (DoS) by sending a crafted sequence of SACK segments on a TCP connection."], "mitigation": {"lang": "en:us", "value": "For mitigation, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/tcpsack"}, "name": "CVE-2019-11478", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2019-06-17T17:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-11478\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-11478\nhttps://patchwork.ozlabs.org/project/netdev/list/?series=114310\nhttps://www.openwall.com/lists/oss-security/2019/06/17/5"], "statement": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/tcpsack\nRed Hat Enterprise Linux 5 is now in Maintenance Support 2 Phase of maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.", "threat_severity": "Moderate"}

{}