CVE-2019-11478

CVSS v3.0 7.5 (High)
CVSS v2.0 5 (Medium)
EPSS 96.74 % (100th)
Affected Products 24
Advisories 77

Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.

Weaknesses
CWE-400
Uncontrolled Resource Consumption
CWE-770
Allocation of Resources Without Limits or Throttling
CVE Status
PUBLISHED
CNA
Canonical Ltd.
Published Date
2019-06-19 00:15:12
(5 years ago)
Updated Date
2024-02-27 21:04:17
(6 months ago)

Affected Products

Configuration #1

    CPE23 From Up To
  Linux Kernel prior 4.4.182 version cpe:2.3:o:linux:linux_kernel < 4.4.182
  Linux Kernel from 4.5 version and prior 4.9.182 version cpe:2.3:o:linux:linux_kernel >= 4.5 < 4.9.182
  Linux Kernel from 4.10 version and prior 4.14.127 version cpe:2.3:o:linux:linux_kernel >= 4.10 < 4.14.127
  Linux Kernel from 4.15 version and prior 4.19.52 version cpe:2.3:o:linux:linux_kernel >= 4.15 < 4.19.52
  Linux Kernel from 4.20 version and prior 5.1.11 version cpe:2.3:o:linux:linux_kernel >= 4.20 < 5.1.11

Configuration #2

    CPE23 From Up To
  F5 Big-ip Advanced Firewall Manager from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 11.5.2 <= 11.6.4
  F5 Big-ip Advanced Firewall Manager from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 12.1.0 <= 12.1.4
  F5 Big-ip Advanced Firewall Manager from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 13.1.0 <= 13.1.1
  F5 Big-ip Advanced Firewall Manager from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 14.0.0 <= 14.1.0
  F5 Big-ip Advanced Firewall Manager 15.0.0 cpe:2.3:a:f5:big-ip_advanced_firewall_manager:15.0.0

Configuration #3

    CPE23 From Up To
  F5 Big-ip Access Policy Manager from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_access_policy_manager >= 11.5.2 <= 11.6.4
  F5 Big-ip Access Policy Manager from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_access_policy_manager >= 12.1.0 <= 12.1.4
  F5 Big-ip Access Policy Manager from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_access_policy_manager >= 13.1.0 <= 13.1.1
  F5 Big-ip Access Policy Manager from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_access_policy_manager >= 14.0.0 <= 14.1.0
  F5 Big-ip Access Policy Manager 15.0.0 cpe:2.3:a:f5:big-ip_access_policy_manager:15.0.0

Configuration #4

    CPE23 From Up To
  F5 Big-ip Application Acceleration Manager from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 11.5.2 <= 11.6.4
  F5 Big-ip Application Acceleration Manager from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 12.1.0 <= 12.1.4
  F5 Big-ip Application Acceleration Manager from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 13.1.0 <= 13.1.1
  F5 Big-ip Application Acceleration Manager from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 14.0.0 <= 14.1.0
  F5 Big-ip Application Acceleration Manager 15.0.0 cpe:2.3:a:f5:big-ip_application_acceleration_manager:15.0.0

Configuration #5

    CPE23 From Up To
  F5 Big-ip Link Controller from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_link_controller >= 11.5.2 <= 11.6.4
  F5 Big-ip Link Controller from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_link_controller >= 12.1.0 <= 12.1.4
  F5 Big-ip Link Controller from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_link_controller >= 13.1.0 <= 13.1.1
  F5 Big-ip Link Controller from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_link_controller >= 14.0.0 <= 14.1.0
  F5 Big-ip Link Controller 15.0.0 cpe:2.3:a:f5:big-ip_link_controller:15.0.0

Configuration #6

    CPE23 From Up To
  F5 Big-ip Policy Enforcement Manager from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 11.5.2 <= 11.6.4
  F5 Big-ip Policy Enforcement Manager from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 12.1.0 <= 12.1.4
  F5 Big-ip Policy Enforcement Manager from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 13.1.0 <= 13.1.1
  F5 Big-ip Policy Enforcement Manager from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 14.0.0 <= 14.1.0
  F5 Big-ip Policy Enforcement Manager 15.0.0 cpe:2.3:a:f5:big-ip_policy_enforcement_manager:15.0.0

Configuration #7

    CPE23 From Up To
  F5 Big-ip Webaccelerator from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_webaccelerator >= 11.5.2 <= 11.6.4
  F5 Big-ip Webaccelerator from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_webaccelerator >= 12.1.0 <= 12.1.4
  F5 Big-ip Webaccelerator from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_webaccelerator >= 13.1.0 <= 13.1.1
  F5 Big-ip Webaccelerator from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_webaccelerator >= 14.0.0 <= 14.1.0
  F5 Big-ip Webaccelerator 15.0.0 cpe:2.3:a:f5:big-ip_webaccelerator:15.0.0

Configuration #8

    CPE23 From Up To
  F5 Big-ip Application Security Manager from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_application_security_manager >= 11.5.2 <= 11.6.4
  F5 Big-ip Application Security Manager from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_application_security_manager >= 12.1.0 <= 12.1.4
  F5 Big-ip Application Security Manager from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_application_security_manager >= 13.1.0 <= 13.1.1
  F5 Big-ip Application Security Manager from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_application_security_manager >= 14.0.0 <= 14.1.0
  F5 Big-ip Application Security Manager 15.0.0 cpe:2.3:a:f5:big-ip_application_security_manager:15.0.0

Configuration #9

    CPE23 From Up To
  F5 Big-ip Local Traffic Manager from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_local_traffic_manager >= 11.5.2 <= 11.6.4
  F5 Big-ip Local Traffic Manager from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_local_traffic_manager >= 12.1.0 <= 12.1.4
  F5 Big-ip Local Traffic Manager from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_local_traffic_manager >= 13.1.0 <= 13.1.1
  F5 Big-ip Local Traffic Manager from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_local_traffic_manager >= 14.0.0 <= 14.1.0
  F5 Big-ip Local Traffic Manager 15.0.0 cpe:2.3:a:f5:big-ip_local_traffic_manager:15.0.0

Configuration #10

    CPE23 From Up To
  F5 Big-ip Fraud Protection Service from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_fraud_protection_service >= 11.5.2 <= 11.6.4
  F5 Big-ip Fraud Protection Service from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_fraud_protection_service >= 12.1.0 <= 12.1.4
  F5 Big-ip Fraud Protection Service from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_fraud_protection_service >= 13.1.0 <= 13.1.1
  F5 Big-ip Fraud Protection Service from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_fraud_protection_service >= 14.0.0 <= 14.1.0
  F5 Big-ip Fraud Protection Service 15.0.0 cpe:2.3:a:f5:big-ip_fraud_protection_service:15.0.0

Configuration #11

    CPE23 From Up To
  F5 Big-ip Global Traffic Manager from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_global_traffic_manager >= 11.5.2 <= 11.6.4
  F5 Big-ip Global Traffic Manager from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_global_traffic_manager >= 12.1.0 <= 12.1.4
  F5 Big-ip Global Traffic Manager from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_global_traffic_manager >= 13.1.0 <= 13.1.1
  F5 Big-ip Global Traffic Manager from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_global_traffic_manager >= 14.0.0 <= 14.1.0
  F5 Big-ip Global Traffic Manager 15.0.0 cpe:2.3:a:f5:big-ip_global_traffic_manager:15.0.0

Configuration #12

    CPE23 From Up To
  F5 Big-ip Analytics from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_analytics >= 11.5.2 <= 11.6.4
  F5 Big-ip Analytics from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_analytics >= 12.1.0 <= 12.1.4
  F5 Big-ip Analytics from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_analytics >= 13.1.0 <= 13.1.1
  F5 Big-ip Analytics from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_analytics >= 14.0.0 <= 14.1.0
  F5 Big-ip Analytics 15.0.0 cpe:2.3:a:f5:big-ip_analytics:15.0.0

Configuration #13

    CPE23 From Up To
  F5 Big-ip Edge Gateway from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_edge_gateway >= 11.5.2 <= 11.6.4
  F5 Big-ip Edge Gateway from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_edge_gateway >= 12.1.0 <= 12.1.4
  F5 Big-ip Edge Gateway from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_edge_gateway >= 13.1.0 <= 13.1.1
  F5 Big-ip Edge Gateway from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_edge_gateway >= 14.0.0 <= 14.1.0
  F5 Big-ip Edge Gateway 15.0.0 cpe:2.3:a:f5:big-ip_edge_gateway:15.0.0

Configuration #14

    CPE23 From Up To
  F5 Big-ip Domain Name System from 11.5.2 version and 11.6.4 and prior versions cpe:2.3:a:f5:big-ip_domain_name_system >= 11.5.2 <= 11.6.4
  F5 Big-ip Domain Name System from 12.1.0 version and 12.1.4 and prior versions cpe:2.3:a:f5:big-ip_domain_name_system >= 12.1.0 <= 12.1.4
  F5 Big-ip Domain Name System from 13.1.0 version and 13.1.1 and prior versions cpe:2.3:a:f5:big-ip_domain_name_system >= 13.1.0 <= 13.1.1
  F5 Big-ip Domain Name System from 14.0.0 version and 14.1.0 and prior versions cpe:2.3:a:f5:big-ip_domain_name_system >= 14.0.0 <= 14.1.0
  F5 Big-ip Domain Name System 15.0.0 cpe:2.3:a:f5:big-ip_domain_name_system:15.0.0

Configuration #15

    CPE23 From Up To
  Canonical Ubuntu Linux 12.04 cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 18.10 cpe:2.3:o:canonical:ubuntu_linux:18.10
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04

Configuration #16

    CPE23 From Up To
  Redhat Enterprise Linux Atomic Host cpe:2.3:a:redhat:enterprise_linux_atomic_host:-
  Redhat Enterprise Linux 5.0 cpe:2.3:o:redhat:enterprise_linux:5.0
  Redhat Enterprise Linux 6.0 cpe:2.3:o:redhat:enterprise_linux:6.0
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0
  Redhat Enterprise Linux 8.0 cpe:2.3:o:redhat:enterprise_linux:8.0
  Redhat Enterprise Linux Aus 6.5 cpe:2.3:o:redhat:enterprise_linux_aus:6.5
  Redhat Enterprise Linux Aus 6.6 cpe:2.3:o:redhat:enterprise_linux_aus:6.6
  Redhat Enterprise Linux Eus 7.4 cpe:2.3:o:redhat:enterprise_linux_eus:7.4
  Redhat Enterprise Linux Eus 7.5 cpe:2.3:o:redhat:enterprise_linux_eus:7.5
  Redhat Enterprise Mrg 2.0 cpe:2.3:o:redhat:enterprise_mrg:2.0

Configuration #17

    CPE23 From Up To
  Ivanti Connect Secure cpe:2.3:a:ivanti:connect_secure:-
  Pulsesecure Pulse Policy Secure cpe:2.3:a:pulsesecure:pulse_policy_secure:-
  Pulsesecure Pulse Secure Virtual Application Delivery Controller cpe:2.3:a:pulsesecure:pulse_secure_virtual_application_delivery_controller:-

Configuration #18

    CPE23 From Up To
  F5 Traffix Signaling Delivery Controller from 5.0.0 version and 5.1.0 and prior versions cpe:2.3:a:f5:traffix_signaling_delivery_controller >= 5.0.0 <= 5.1.0