CVE-2019-11683 Detail

Modified

This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.

Current Description

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.

Analysis Description

udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x through 5.0.11 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.

Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 9.8 CRITICAL
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Metrics:

NIST: NVD
Base Score: 10.0 HIGH
Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Weakness Enumeration

CWE-ID: CWE-787
CWE Name: Out-of-bounds Write
Source: NIST


Change History

10 change records found

CWE Remap 8/24/2020 1:37:01 PM

Action: Changed
Type: CWE
Old Value: CWE-399
New Value: CWE-787



CVE Modified by MITRE 6/14/2019 9:29:01 PM

Action: Added
Type: Reference
New Value: https://support.f5.com/csp/article/K69550896 [No Types Assigned]

CVE Modified by MITRE 5/17/2019 6:29:02 AM

Action: Added
Type: Reference
New Value: https://security.netapp.com/advisory/ntap-20190517-0002/ [No Types Assigned]

CVE Modified by MITRE 5/14/2019 7:29:12 PM

Action: Added
Type: Reference
New Value: https://usn.ubuntu.com/3979-1/ [No Types Assigned]

CVE Modified by MITRE 5/09/2019 11:29:00 PM

Action: Added
Type: Reference
New Value: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z7CYLTCIRTKUB4R2TLLUYPZLDQL44OBG/ [No Types Assigned]



CVE Modified by MITRE 5/06/2019 1:29:00 AM

Action: Changed
Type: Description
Old Value: udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x through 5.0.11 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.
New Value: udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x before 5.0.13 allows remote attackers to cause a denial of service (slab-out-of-bounds memory corruption) or possibly have unspecified other impact via UDP packets with a 0 payload, because of mishandling of padded packets, aka the "GRO packet of death" issue.

Action: Added
Type: Reference
New Value: https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.0.13 [No Types Assigned]



CVE Modified by MITRE 5/05/2019 11:29:00 AM

Action: Added
Type: Reference
New Value: http://www.openwall.com/lists/oss-security/2019/05/05/4 [No Types Assigned]



Initial Analysis 5/03/2019 10:53:28 AM

Action: Added
Type: CPE Configuration
New Value: OR *cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from (including) 5.0 up to (including) 5.0.11

Action: Added
Type: CVSS V2
New Value: (AV:N/AC:L/Au:N/C:C/I:C/A:C)

Action: Added
Type: CVSS V3
New Value: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Action: Added
Type: CWE
New Value: CWE-399

Action: Changed
Type: Reference Type
Old Value: http://www.openwall.com/lists/oss-security/2019/05/02/1 No Types Assigned
New Value: http://www.openwall.com/lists/oss-security/2019/05/02/1 Third Party Advisory

Action: Changed
Type: Reference Type
Old Value: http://www.securityfocus.com/bid/108142 No Types Assigned
New Value: http://www.securityfocus.com/bid/108142 Third Party Advisory

Action: Changed
Type: Reference Type
Old Value: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37 No Types Assigned
New Value: https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=4dd2b82d5adfbe0b1587ccad7a8f76d826120f37 Issue Tracking, Patch, Vendor Advisory

Action: Changed
Type: Reference Type
Old Value: https://www.spinics.net/lists/netdev/msg568315.html No Types Assigned
New Value: https://www.spinics.net/lists/netdev/msg568315.html Issue Tracking, Patch, Third Party Advisory



CVE Modified by MITRE 5/03/2019 9:29:00 AM

Action: Added
Type: Reference
New Value: http://www.securityfocus.com/bid/108142 [No Types Assigned]

CVE Modified by MITRE 5/02/2019 5:29:00 PM

Action: Added
Type: Reference
New Value: http://www.openwall.com/lists/oss-security/2019/05/02/1 [No Types Assigned]



Quick Info

CVE Dictionary Entry: CVE-2019-11683
NVD Published Date: 05/02/2019
NVD Last Modified: 08/24/2020
Source: MITRE

