CVE-2018-14641

Severity
5.9 MEDIUM
EPSS
1.4%
top 19.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Sep 18
Latest update: May 13

Description

A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel from 4.19-rc1 to 4.19-rc3 inclusive, which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial-of-service.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages: 2 packages

CVEListV5: the_linux_foundation/kernel, from 4.19-rc1 to 4.19-rc3 inclusive

Patches

🔴Vulnerability Details

3
GHSA
GHSA-2jfx-4v33-68mf: A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment (2022-05-13)
OSV
CVE-2018-14641: A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment (2018-09-18)
CVEList
CVE-2018-14641: A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment (2018-09-18)

📋Vendor Advisories

2
Red Hat
kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() (2018-09-18)
Debian
CVE-2018-14641: linux - A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragmen... (2018)

💬Community

3
Bugzilla
CVE-2018-14641 kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() [fedora-all] (2018-09-18)
Bugzilla
CVE-2018-14641 kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment() (2018-09-17)
Bugzilla
CVE-2018-14641 CVE-2018-5391 kernel: various flaws [fedora-all] (2018-08-14)