VDB

DEBIAN-CVE-2019-18805

DEBIAN-CVE-2019-18805 PUBLISHED CVSS 9.800000190734863 CRITICAL

An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6.

Risk Scores

CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:11linux0, 0, 0
Debian:14linux0, 0, 0
Debian:12linux0, 0, 0
Debian:13linux0, 0, 0

Timeline

  • Nov 7, 2019 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›