Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2018-6922

Published: 09/08/2018 Updated: 09/10/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Freebsd

Vulnerability Summary

One of the data structures that holds TCP segments in all versions of FreeBSD before 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freebsd freebsd 10.4

freebsd freebsd 11.1

freebsd freebsd 11.2

Vendor Advisories

Debian CVElist Bug Report Logs: linux: CVE-2018-5390
Debian Bug report logs - #905751 linux: CVE-2018-5390 Package: src:linux; Maintainer for src:linux is Debian Kernel Team <debian-kernel@listsdebianorg>; Reported by: "Jamie" <darkshad9999@gmailcom> Date: Wed, 8 Aug 2018 22:45:02 UTC Severity: grave Merged with 905966 Found in versions linux/49110-1~deb8u1, li ...
Cisco: Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018
On August 6, 2018, the Vulnerability Coordination team of the National Cyber Security Centre of Finland (NCSC-FI) and the CERT Coordination Center (CERT/CC) disclosed vulnerabilities in the TCP stacks that are used by the Linux and FreeBSD kernels These vulnerabilities are publicly known as SegmentSmack The vulnerabilities could allow an unauthen ...

References

CWE-400https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.aschttp://www.securitytracker.com/id/1041425http://www.securityfocus.com/bid/105058https://security.netapp.com/advisory/ntap-20180815-0002/https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=905751https://www.kb.cert.org/vuls/id/962459
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook