VDB
CVE-2019-8460
PUBLISHED
There is a vulnerability in the OpenBSD kernel relating to its TCP implementation. Each incoming TCP SACK packet triggers an expensive call to the function "tcp_sack_option()". An attacker can send a large number of TCP SACK packets to an affected system to cause a denial-of-service condition.
EPSS 0.69% · 72.2th percentile
Risk Scores
EPSS Score
0.69%
72.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| OpenBSD | OpenBSD | <= 6.5 |
| NetApp | NetApp Data ONTAP | |
| Siemens | Siemens SIMATIC S7 | |
Exploit Intelligence
- https://ftp.openbsd.org/pub/OpenBSD/patches/6.5/common/006_tcpsack.patch.sig (nist-nvd)
- https://research.checkpoint.com/tcp-sack-security-issue-in-openbsd-cve-2019-8460/ (nist-nvd)
- Trinadh465/linux-4.1.15_CVE-2017-1000371 (github-poc)
- CVE-2017-1000367 (github-poc)
…and 17 more exploits
Timeline
- Aug 26, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2023-0914.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0914 advisory
- https://cert-portal.siemens.com/productcert/html/ssa-462066.html advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-8460 advisory
- https://security.netapp.com/advisory/ntap-20190905-0001/ advisory