CVE-2015-1417
FreeBSD Security Advisory - TCP Reassembly Resource Exhaustion
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, 10.2-BETA2-p2, 10.2-RC1-p1, 10.1x before 10.1-RELEASE-p16, 9.x before 9.3-STABLE, 9.3-RELEASE-p21, and 8.x before 8.4-STABLE, 8.4-RELEASE-p35 on systems with VNET enabled and at least 16 VNET instances allows remote attackers to cause a denial of service (mbuf consumption) via multiple concurrent TCP connections.
El módulo inet en FreeBSD versión 10.2x anterior a 10.2-PRERELEASE, versión 10.2-BETA2-p2, versión 10.2-RC1-p1, versión 10.1x anterior a 10.1-RELEASE-p16, versión 9.x anterior a 9.3-STABLE, versión 9.3-RELEASE-p21, y versión 8. x anterior a 8.4-ESTABLE, versión 8.4-RELEASE-p35 en sistemas con VNET habilitado y al menos 16 peticiones VNET permiten a los atacantes remotos causar una denegación de servicio (consumo de mbuf) por medio de múltiples conexiones TCP concurrentes.
There is a mistake with the introduction of VNET, which converted the global limit on the number of segments that could belong to reassembly queues into a per-VNET limit. Because mbufs are allocated from a global pool, in the presence of a sufficient number of VNETs, the total number of mbufs attached to reassembly queues can grow to the total number of mbufs in the system, at which point all network traffic would cease. An attacker who can establish concurrent TCP connections across a sufficient number of VNETs and manipulate the inbound packet streams such that the maximum number of mbufs are enqueued on each reassembly queue can cause mbuf cluster exhaustion on the target system, resulting in a Denial of Service condition. As the default per-VNET limit on the number of segments that can belong to reassembly queues is 1/16 of the total number of mbuf clusters in the system, only systems that have 16 or more VNET instances are vulnerable.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-01-27 CVE Reserved
- 2015-07-28 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/76112 | Third Party Advisory | |
| http://www.securitytracker.com/id/1033111 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.freebsd.org/security/advisories/FreeBSD-SA-15:15.tcp.asc | 2019-03-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | beta1 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p11 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p12 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p13 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p14 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p15 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p16 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p17 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p19 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p2 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p20 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p21 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p22 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p23 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p24 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p26 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p27 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p3 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p30 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p33 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p34 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p4 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p7 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p8 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 8.4 Search vendor "Freebsd" for product "Freebsd" and version "8.4" | p9 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p1 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p10 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p12 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p13 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p16 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p19 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p2 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p20 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p3 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p5 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p6 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p7 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p8 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 9.3 Search vendor "Freebsd" for product "Freebsd" and version "9.3" | p9 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p1 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p10 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p12 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p15 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p16 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p2 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p3 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p4 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p5 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p6 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p7 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p8 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.1 Search vendor "Freebsd" for product "Freebsd" and version "10.1" | p9 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 10.2 Search vendor "Freebsd" for product "Freebsd" and version "10.2" | - |
Affected
| ||||||