CVE-2019-11478

CVE information

Published: 4 years ago
Last Modified: 1 month ago
CVSSv2.0 Severity: Medium
CVSSv3.1 Severity: High

Impact Analysis

Description

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

CVSSv2.0 Score

Severity: Medium
Base Score: 5/10
Exploit Score: 10/10
Access Vector: Network
Access Complexity: Low
Authentication Required: None
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: Partial
Integrity Impact: None

CVSSv3.1 Score

Severity: High
Base Score: 7.5/10
Exploit Score: 3.9/10
Access Vector: Network
Access Complexity: Low
Privileges Required: None
Impact Score: 3.6/10
Confidentiality Impact: None
Availability Impact: High
Integrity Impact: None
Scope: Unchanged
User Interaction: None

Products Affected

CPE Affected Vulnerable Excluding Edit
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  Yes  -  4.4.182
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  Yes  4.5  4.9.182
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  Yes  4.10  4.14.127
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  Yes  4.15  4.19.52
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*  Yes  4.20  5.1.11
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0:*:*:*:*  Yes  -  -
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0:  Yes  -  -
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_link_controller:15.0.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0:*:*:*:  Yes  -  -
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0:*:*:  Yes  -  -
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0:*:*:*:*:  Yes  -  -
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0:*:*:*:*:*:  Yes  -  -
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_analytics:15.0.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*  Yes  12.1.0  -
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*  Yes  14.0.0  -
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*  Yes  11.5.2  -
cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*  Yes  13.1.0  -
cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*  Yes  -  -
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*  Yes  -  -
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*  Yes  -  -
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*  Yes  -  -
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:redhat:enterprise_linux_aus:6.6:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:redhat:enterprise_linux_aus:6.5:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:redhat:enterprise_linux_atomic_host:-:*:*:*:*:*:*:  Yes  -  -
cpe:2.3:o:redhat:enterprise_mrg:2.0:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:pulsesecure:pulse_policy_secure:-:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_deliv  Yes  -  -
cpe:2.3:a:ivanti:connect_secure:-:*:*:*:*:*:*:*  Yes  -  -
cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*  Yes  5.0.0  -

References