Severity
7.1 HIGH
EPSS
1.9%
top 16.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 20
Latest update: May 13
Description
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
CVSS vector
AV:N/AC:M/C:N/I:N/A:C
Exploitability: 8.6 | Impact: 6.9
Affected Packages: 10 packages
Also affects: NetBSD 1.0, 1.1, 1.2, 1.2.1, 1.3, 1.3.1, 1.3.2, 1.3.3, 1.4, 1.4.1, 1.4.2, 1.4.3, 1.5, 1.5.1, 1.5.2, 1.5.3, 1.6, 1.6.1, 1.6.2, 2.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.1, 2.1.1, 3.0, 3.0.1, 3.0.2, 3.1, 3.99.15, 4.0, FreeBSD 0.4_1, 1.0, 1.1, 1.1.5, 1.1.5.1, 1.2, 1.5, 2.0, 2.0.1, 2.0.5, 2.1, 2.1.0, 2.1.5, 2.1.6, 2.1.6.1, 2.1.7, 2.1.7.1, 2.2, 2.2.1, 2.2.2, 2.2.3, 2.2.4, 2.2.5, 2.2.6, 2.2.7, 2.2.8, 3.0, 3.1, 3.2, 3.3, 3.4, 3.5, 3.5.1, 4.0, 4.1, 4.1.1, 4.10, 4.11, 4.2, 4.3, 4.4, 4.5, 4.6, 4.6.1, 4.6.2, 4.7, 4.8, 4.9, 5.0, 5.1, 5.2, 5.2.1, 5.3, 5.4, 5.5, 6.0, 6.1, 6.2, 6.3, 7.0, 7.1
Patches
Vulnerability Details
GHSA
GHSA-vf4j-pjcc-qf79: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems (2022-05-13)
CVEList
CVE-2008-4609: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems (2008-10-20)
OSV
CVE-2008-4609: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems (2008-10-20)