Resource exhaustion in FreeBSD - CVE-2019-5599
Published: June 19, 2019
Vulnerability identifier: #VU18846
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5599
CWE-ID: CWE-400
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD
Detailed vulnerability description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error when processing acknowledgements within the TCP loss detection algorithm RACK ("Recent ACKnowledgment"). A remote attacker can trigger resource exhaustion by sending specially crafted TCP packets to the affected system, which causes several linked lists used by RACK to grow without bound.
Successful exploitation of the vulnerability allows an attacker to perform a denial of service attack (lower network performance, excessive CPU consumption), but requires that the system is compiled with RACK support.
How to mitigate CVE-2019-5599
Install updates from the vendor's website.