CVE-1999-0431

Linux Kernel < 2.2.3 - Denial of Service via IP Fragmentation Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0431. PoCs published by John McDonald.

AI-analyzed exploit summary This exploit demonstrates a denial-of-service (DoS) vulnerability in Linux kernel versions 2.1.89 to 2.2.3 by sending malformed IP fragments with a 0-length fragment first in the list, causing the kernel to strand destination cache entries and exhaust resources.

Description

Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.

Exploits (1)

exploitdb WORKING POC VERIFIED

by John McDonald · cdoslinux

https://www.exploit-db.com/exploits/20566

View Code ZIP pw:eip

This exploit demonstrates a denial-of-service (DoS) vulnerability in Linux kernel versions 2.1.89 to 2.2.3 by sending malformed IP fragments with a 0-length fragment first in the list, causing the kernel to strand destination cache entries and exhaust resources.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Linux kernel 2.1.89 to 2.2.3

No auth needed

Prerequisites: Raw socket permissions · Network access to target

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry x_refsource_misc

https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0431

Scores

EPSS 0.0658

EPSS Percentile 93.0%

Details

Status published

Products (10)

linux/linux_kernel 2.1.89

linux/linux_kernel 2.2.0

linux/linux_kernel 2.2.10

linux/linux_kernel 2.2.12

linux/linux_kernel 2.2.13

linux/linux_kernel 2.2.14

linux/linux_kernel 2.2.15 (2 CPE variants)

linux/linux_kernel 2.2.15_pre20

linux/linux_kernel 2.2.16 (2 CPE variants)

linux/linux_kernel < 2.2.3

Published Mar 01, 1999

Tracked Since Feb 18, 2026