VDB

GCVE-110-CERTCC-2008-723308

GCVE-110-CERTCC-2008-723308
Advisory PublishedCVSS 0.0/10
Vulnetix · Advisory published July 20, 2006
Part of the Transmission Control Protocol (TCP) specification (RFC 1122) allows a receiver to advertise a zero byte window, instructing the sender to maintain the connection but not send additional TCP payload data. The sender should then probe the receiver to check if the receiver is ready to accept data. Narrow interpretation of this part of the specification can create a denial-of-service vulnerability. By advertising a zero receive window and acknowledging probes, a malicious receiver can cause a sender to consume resources (TCP state, buffers, and application memory), preventing the targeted service or system from handling legitimate connections.

Risk Scores

CVSS 2.0
0.0/10
None · AV:--/AC:--/Au:--/C:--/I:--/A:--
certcc-cam
certcc-cam
impact7population15exploitation0widely_known20score_current15.5925ease_of_exploitation11
certcc-vrda
certcc-vrda
d1_impact2d1_population4d1_direct_report1
certcc-cvss-temporal-env
certcc-cvss-temporal-env
temporal_score0remediation_levelNDreport_confidenceNDenvironmental_score0target_distributionNDenvironmental_vectorCDP:ND/TD:ND/CR:ND/IR:ND/AR:ND

References

Browse GCVE Records

72,664 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›