CVE-2018-6922
MEDIUM
FreeBSD < 11.2-RELEASE-p1, 11.1-RELEASE-p12, 10.4-RELEASE-p10 - DoS via TCP Segment Reassembly
Title source: llm
Description
One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.
References (5)
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041425
Patch x_refsource_confirm
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/105058
Third Party Advisory x_refsource_confirm
https://security.netapp.com/advisory/ntap-20180815-0002/
Scores
CVSS v3
5.3
EPSS
0.0070
EPSS Percentile
72.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-400
Status
published
Products (3)
freebsd/freebsd
10.4 (9 CPE variants)
freebsd/freebsd
11.1 (9 CPE variants)
freebsd/freebsd
11.2
Published
Aug 09, 2018
Tracked Since
Feb 18, 2026