CVE-2019-18805 — Integer Overflow or Wraparound in Kernel

CWE-190 — Integer Overflow or Wraparound8 documents7 sources

Severity

9.8CRITICALNVD

EPSS

0.6%

top 31.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Netapp E-series Santricity OS Controller Opensuse Leap +1 more

Timeline

PublishedNov 7

Latest updateMay 24

Description

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶NVDlinux/linux_kernel4.4 — 4.4.180+5

▶Debianlinux/linux_kernel< 5.2.6-1+3

▶NVDnetapp/e-series_santricity_os_controller11.0.0 — 11.60.3

▶NVDopensuse/leap15.0, 15.1+1

Also affects: Enterprise Linux 7.0

Patches

Patch: cdn.kernel.org ↗Patch: git.kernel.org ↗Patch: cdn.kernel.org ↗

🔴Vulnerability Details

GHSA

GHSA-wgj3-wxrf-qqg3: An issue was discovered in net/ipv4/sysctl_net_ipv4↗2022-05-24

▶

OSV

CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4↗2019-11-07

▶

CVEList

CVE-2019-18805: An issue was discovered in net/ipv4/sysctl_net_ipv4↗2019-11-07

▶

📋Vendor Advisories

Red Hat

kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c↗2019-04-16

▶

Debian

CVE-2019-18805: linux - An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before...↗2019

▶

💬Community

Bugzilla

CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c [fedora-all]↗2019-11-12

▶

Bugzilla

CVE-2019-18805 kernel: integer overflow in tcp_ack_update_rtt in net/ipv4/tcp_input.c↗2019-11-12

▶