cbcvebase.
CVE-2019-11477
published 2019-06-19

CVE-2019-11477: Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
Jonathan Looney discovered that the TCP_SKB_CB(skb)->tcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.

Affected

102 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debianlinux< linux 4.19.37-4 (bookworm)linux 4.19.37-4 (bookworm)
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager11.5.2 – 11.6.4
f5big-ip_access_policy_manager12.1.0 – 12.1.4
f5big-ip_access_policy_manager13.1.0 – 13.1.1
f5big-ip_access_policy_manager14.0.0 – 14.1.0
f5big-ip_advanced_firewall_manager
f5big-ip_advanced_firewall_manager11.5.2 – 11.6.4
f5big-ip_advanced_firewall_manager12.1.0 – 12.1.4
f5big-ip_advanced_firewall_manager13.1.0 – 13.1.1
f5big-ip_advanced_firewall_manager14.0.0 – 14.1.0
f5big-ip_analytics
f5big-ip_analytics11.5.2 – 11.6.4
f5big-ip_analytics12.1.0 – 12.1.4
f5big-ip_analytics13.1.0 – 13.1.1
f5big-ip_analytics14.0.0 – 14.1.0
f5big-ip_application_acceleration_manager
f5big-ip_application_acceleration_manager11.5.2 – 11.6.4
f5big-ip_application_acceleration_manager12.1.0 – 12.1.4

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH