CVE-2019-11683

Name: CVE-2019-11683

Description: udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.

NVD Severity: high

References

| Type | URI |
|---|---|
| Issue Tracking | https://www.spinics.net/lists/netdev/msg568315.html |
| Issue Tracking | https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37 |
| Third Party Advisory | http://www.openwall.com/lists/oss-security/2019/05/02/1 |
| Third Party Advisory | http://www.securityfocus.com/bid/108142 |
| MLIST | http://www.openwall.com/lists/oss-security/2019/05/05/4 |
| CONFIRM | https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.13 |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7CYLTCIRTKUB4R2TLLUYPZLDQL44OBG/ |
| UBUNTU | https://usn.ubuntu.com/3979-1/ |
| CONFIRM | https://security.netapp.com/advisory/ntap-20190517-0002/ |
| CONFIRM | https://support.f5.com/csp/article/K69550896 |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| `cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*` | linux_kernel | >= 5.0 | <= 5.0.11 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|