Posted on

VU#962459: TCP implementations vulnerable to Denial of Service

CWE-400:Uncontrolled Resource Consumption(‘Resource Exhaustion’)- CVE-2018-5390 Linux kernel versions 4.9+can be forced to make very expensive calls to tcp_collapse_ofo_queue()and tcp_prune_ofo_queue()for every incoming packet which can lead to a denial of service. CWE-400:Uncontrolled Resource Consumption(‘Resource Exhaustion’)- CVE-2018-6922 A TCP data structure in supported versions of FreeBSD(11,11.1,11.2,10,and 10.4)use an inefficient algorithm to reassemble the data. For both vulnerabilities,an attacker can induce a denial of service condition by sending specially modified packets within ongoing TCP sessions. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port. Thus,the attacks cannot be performed using spoofed IP addresses.

What are your thoughts?