CVE-2019-5599
Severity Score
7.5
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.
En FreeBSD versión 12.0-STABLE anterior a r349197 y versión 12.0-RELEASE anterior a 12.0-RELEASE-p6, un bug en la pila de RACK TCP no predeterminada puede permitir a un atacante causar que varias listas vinculadas crezcan sin límites y causar un salto de lista costoso en cada paquete procesado, lo que conlleva al agotamiento de los recursos y una denegación de servicio.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-01-07 CVE Reserved
- 2019-06-18 CVE Published
- 2024-08-04 CVE Updated
- 2024-11-22 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-Service.html | Third Party Advisory |
|
| http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SA-19-08.rack.html | Third Party Advisory |
|
| http://www.openwall.com/lists/oss-security/2019/06/17/5 | Mailing List |
|
| https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md | Mitigation | |
| https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193 | Third Party Advisory | |
| https://security.netapp.com/advisory/ntap-20190625-0004 | Third Party Advisory |
|
| https://support.f5.com/csp/article/K75521003 | Third Party Advisory | |
| https://www.kb.cert.org/vuls/id/905115 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://seclists.org/bugtraq/2019/Jun/27 | 2020-08-24 |
| URL | Date | SRC |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.asc | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0" | p1 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0" | p2 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0" | p3 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0" | p4 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.0 Search vendor "Freebsd" for product "Freebsd" and version "12.0" | p5 |
Affected
| ||||||