CVE-2019-5599

Vulnerability Description

In FreeBSD 12.0-STABLE before r349197 and 12.0-RELEASE before 12.0-RELEASE-p6, a bug in the non-default RACK TCP stack can allow an attacker to cause several linked lists to grow unbounded and cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.

CVSS Score

Affected Products

Related Weaknesses (CWE)

References

• http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-SeThird Party AdvisoryVDB Entry
• http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SAThird Party AdvisoryVDB Entry
• http://www.openwall.com/lists/oss-security/2019/06/17/5Mailing ListThird Party Advisory
• https://github.com/Netflix/security-bulletins/blob/master/advisories/third-partyMitigationThird Party Advisory
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193Third Party Advisory
• https://seclists.org/bugtraq/2019/Jun/27Mailing ListMitigationPatch
• https://security.FreeBSD.org/advisories/FreeBSD-SA-19:08.rack.ascMitigationVendor Advisory
• https://security.netapp.com/advisory/ntap-20190625-0004/Third Party Advisory
• https://support.f5.com/csp/article/K75521003Third Party Advisory
• https://www.kb.cert.org/vuls/id/905115Third Party AdvisoryUS Government Resource
• http://packetstormsecurity.com/files/153329/Linux-FreeBSD-TCP-Based-Denial-Of-SeThird Party AdvisoryVDB Entry
• http://packetstormsecurity.com/files/153378/FreeBSD-Security-Advisory-FreeBSD-SAThird Party AdvisoryVDB Entry
• http://www.openwall.com/lists/oss-security/2019/06/17/5Mailing ListThird Party Advisory
• https://github.com/Netflix/security-bulletins/blob/master/advisories/third-partyMitigationThird Party Advisory
• https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44193Third Party Advisory