CVE-2019-11479

CVSS v3.1 7.5 (High)
CVSS v2.0 5 (Medium)
EPSS 97.42 % (100th)
Affected Products 22
Advisories 61

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Weaknesses
CWE-405: Asymmetric Resource Consumption (Amplification)
CWE-770: Allocation of Resources Without Limits or Throttling

CVE Status: PUBLISHED
CNA: Canonical Ltd.
Published Date: 2019-06-19 00:15:12 (5 years ago)
Updated Date: 2023-11-07 03:03:02 (10 months ago)

Affected Products


Configuration #1

    CPE23 From Up To
  Linux Kernel from 4.4 version and prior 4.4.182 version cpe:2.3:o:linux:linux_kernel >= 4.4 < 4.4.182
  Linux Kernel from 4.9 version and prior 4.9.182 version cpe:2.3:o:linux:linux_kernel >= 4.9 < 4.9.182
  Linux Kernel from 4.14 version and prior 4.14.127 version cpe:2.3:o:linux:linux_kernel >= 4.14 < 4.14.127
  Linux Kernel from 4.19 version and prior 4.19.52 version cpe:2.3:o:linux:linux_kernel >= 4.19 < 4.19.52
  Linux Kernel from 5.1 version and prior 5.1.11 version cpe:2.3:o:linux:linux_kernel >= 5.1 < 5.1.11

Configuration #2

    CPE23 From Up To
  F5 Big-ip Advanced Firewall Manager from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 11.5.2 < 11.6.5.1
  F5 Big-ip Advanced Firewall Manager from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 12.1.0 < 12.1.5.1
  F5 Big-ip Advanced Firewall Manager from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 13.1.0 < 13.1.3.2
  F5 Big-ip Advanced Firewall Manager from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 14.0.0 < 14.0.1.1
  F5 Big-ip Advanced Firewall Manager from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 14.1.2 < 14.1.2.1
  F5 Big-ip Advanced Firewall Manager from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_advanced_firewall_manager >= 15.0.0 < 15.0.1.1

Configuration #3

    CPE23 From Up To
  F5 Big-ip Access Policy Manager from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_access_policy_manager >= 11.5.2 < 11.6.5.1
  F5 Big-ip Access Policy Manager from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_access_policy_manager >= 12.1.0 < 12.1.5.1
  F5 Big-ip Access Policy Manager from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_access_policy_manager >= 13.1.0 < 13.1.3.2
  F5 Big-ip Access Policy Manager from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_access_policy_manager >= 14.0.0 < 14.0.1.1
  F5 Big-ip Access Policy Manager from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_access_policy_manager >= 14.1.2 < 14.1.2.1
  F5 Big-ip Access Policy Manager from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_access_policy_manager >= 15.0.0 < 15.0.1.1

Configuration #4

    CPE23 From Up To
  F5 Big-ip Application Acceleration Manager from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 11.5.2 < 11.6.5.1
  F5 Big-ip Application Acceleration Manager from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 12.1.0 < 12.1.5.1
  F5 Big-ip Application Acceleration Manager from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 13.1.0 < 13.1.3.2
  F5 Big-ip Application Acceleration Manager from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 14.0.0 < 14.0.1.1
  F5 Big-ip Application Acceleration Manager from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 14.1.2 < 14.1.2.1
  F5 Big-ip Application Acceleration Manager from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_application_acceleration_manager >= 15.0.0 < 15.0.1.1

Configuration #5

    CPE23 From Up To
  F5 Big-ip Link Controller from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_link_controller >= 11.5.2 < 11.6.5.1
  F5 Big-ip Link Controller from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_link_controller >= 12.1.0 < 12.1.5.1
  F5 Big-ip Link Controller from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_link_controller >= 13.1.0 < 13.1.3.2
  F5 Big-ip Link Controller from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_link_controller >= 14.0.0 < 14.0.1.1
  F5 Big-ip Link Controller from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_link_controller >= 14.1.2 < 14.1.2.1
  F5 Big-ip Link Controller from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_link_controller >= 15.0.0 < 15.0.1.1

Configuration #6

    CPE23 From Up To
  F5 Big-ip Policy Enforcement Manager from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 11.5.2 < 11.6.5.1
  F5 Big-ip Policy Enforcement Manager from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 12.1.0 < 12.1.5.1
  F5 Big-ip Policy Enforcement Manager from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 13.1.0 < 13.1.3.2
  F5 Big-ip Policy Enforcement Manager from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 14.0.0 < 14.0.1.1
  F5 Big-ip Policy Enforcement Manager from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 14.1.2 < 14.1.2.1
  F5 Big-ip Policy Enforcement Manager from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_policy_enforcement_manager >= 15.0.0 < 15.0.1.1

Configuration #7

    CPE23 From Up To
  F5 Big-ip Webaccelerator from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_webaccelerator >= 11.5.2 < 11.6.5.1
  F5 Big-ip Webaccelerator from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_webaccelerator >= 12.1.0 < 12.1.5.1
  F5 Big-ip Webaccelerator from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_webaccelerator >= 13.1.0 < 13.1.3.2
  F5 Big-ip Webaccelerator from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_webaccelerator >= 14.0.0 < 14.0.1.1
  F5 Big-ip Webaccelerator from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_webaccelerator >= 14.1.2 < 14.1.2.1
  F5 Big-ip Webaccelerator from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_webaccelerator >= 15.0.0 < 15.0.1.1

Configuration #8

    CPE23 From Up To
  F5 Big-ip Application Security Manager from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_application_security_manager >= 11.5.2 < 11.6.5.1
  F5 Big-ip Application Security Manager from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_application_security_manager >= 12.1.0 < 12.1.5.1
  F5 Big-ip Application Security Manager from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_application_security_manager >= 13.1.0 < 13.1.3.2
  F5 Big-ip Application Security Manager from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_application_security_manager >= 14.0.0 < 14.0.1.1
  F5 Big-ip Application Security Manager from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_application_security_manager >= 14.1.2 < 14.1.2.1
  F5 Big-ip Application Security Manager from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_application_security_manager >= 15.0.0 < 15.0.1.1

Configuration #9

    CPE23 From Up To
  F5 Big-ip Local Traffic Manager from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 11.5.2 < 11.6.5.1
  F5 Big-ip Local Traffic Manager from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 12.1.0 < 12.1.5.1
  F5 Big-ip Local Traffic Manager from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 13.1.0 < 13.1.3.2
  F5 Big-ip Local Traffic Manager from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 14.0.0 < 14.0.1.1
  F5 Big-ip Local Traffic Manager from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 14.1.2 < 14.1.2.1
  F5 Big-ip Local Traffic Manager from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_local_traffic_manager >= 15.0.0 < 15.0.1.1

Configuration #10

    CPE23 From Up To
  F5 Big-ip Fraud Protection Service from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_fraud_protection_service >= 11.5.2 < 11.6.5.1
  F5 Big-ip Fraud Protection Service from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_fraud_protection_service >= 12.1.0 < 12.1.5.1
  F5 Big-ip Fraud Protection Service from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_fraud_protection_service >= 13.1.0 < 13.1.3.2
  F5 Big-ip Fraud Protection Service from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_fraud_protection_service >= 14.0.0 < 14.0.1.1
  F5 Big-ip Fraud Protection Service from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_fraud_protection_service >= 14.1.2 < 14.1.2.1
  F5 Big-ip Fraud Protection Service from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_fraud_protection_service >= 15.0.0 < 15.0.1.1

Configuration #11

    CPE23 From Up To
  F5 Big-ip Global Traffic Manager from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_global_traffic_manager >= 11.5.2 < 11.6.5.1
  F5 Big-ip Global Traffic Manager from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_global_traffic_manager >= 12.1.0 < 12.1.5.1
  F5 Big-ip Global Traffic Manager from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_global_traffic_manager >= 13.1.0 < 13.1.3.2
  F5 Big-ip Global Traffic Manager from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_global_traffic_manager >= 14.0.0 < 14.0.1.1
  F5 Big-ip Global Traffic Manager from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_global_traffic_manager >= 14.1.2 < 14.1.2.1
  F5 Big-ip Global Traffic Manager from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_global_traffic_manager >= 15.0.0 < 15.0.1.1

Configuration #12

    CPE23 From Up To
  F5 Big-ip Analytics from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_analytics >= 11.5.2 < 11.6.5.1
  F5 Big-ip Analytics from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_analytics >= 12.1.0 < 12.1.5.1
  F5 Big-ip Analytics from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_analytics >= 13.1.0 < 13.1.3.2
  F5 Big-ip Analytics from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_analytics >= 14.0.0 < 14.0.1.1
  F5 Big-ip Analytics from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_analytics >= 14.1.2 < 14.1.2.1
  F5 Big-ip Analytics from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_analytics >= 15.0.0 < 15.0.1.1

Configuration #13

    CPE23 From Up To
  F5 Big-ip Edge Gateway from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_edge_gateway >= 11.5.2 < 11.6.5.1
  F5 Big-ip Edge Gateway from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_edge_gateway >= 12.1.0 < 12.1.5.1
  F5 Big-ip Edge Gateway from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_edge_gateway >= 13.1.0 < 13.1.3.2
  F5 Big-ip Edge Gateway from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_edge_gateway >= 14.0.0 < 14.0.1.1
  F5 Big-ip Edge Gateway from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_edge_gateway >= 14.1.2 < 14.1.2.1
  F5 Big-ip Edge Gateway from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_edge_gateway >= 15.0.0 < 15.0.1.1

Configuration #14

    CPE23 From Up To
  F5 Big-ip Domain Name System from 11.5.2 version and prior 11.6.5.1 version cpe:2.3:a:f5:big-ip_domain_name_system >= 11.5.2 < 11.6.5.1
  F5 Big-ip Domain Name System from 12.1.0 version and prior 12.1.5.1 version cpe:2.3:a:f5:big-ip_domain_name_system >= 12.1.0 < 12.1.5.1
  F5 Big-ip Domain Name System from 13.1.0 version and prior 13.1.3.2 version cpe:2.3:a:f5:big-ip_domain_name_system >= 13.1.0 < 13.1.3.2
  F5 Big-ip Domain Name System from 14.0.0 version and prior 14.0.1.1 version cpe:2.3:a:f5:big-ip_domain_name_system >= 14.0.0 < 14.0.1.1
  F5 Big-ip Domain Name System from 14.1.2 version and prior 14.1.2.1 version cpe:2.3:a:f5:big-ip_domain_name_system >= 14.1.2 < 14.1.2.1
  F5 Big-ip Domain Name System from 15.0.0 version and prior 15.0.1.1 version cpe:2.3:a:f5:big-ip_domain_name_system >= 15.0.0 < 15.0.1.1

Configuration #15

    CPE23 From Up To
  Canonical Ubuntu Linux 14.04 cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm
  Canonical Ubuntu Linux 16.04 cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts
  Canonical Ubuntu Linux 18.04 cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts
  Canonical Ubuntu Linux 18.10 cpe:2.3:o:canonical:ubuntu_linux:18.10
  Canonical Ubuntu Linux 19.04 cpe:2.3:o:canonical:ubuntu_linux:19.04

Configuration #16

    CPE23 From Up To
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0

Configuration #17

    CPE23 From Up To
  F5 Big-iq Centralized Management from 5.1.0 version and 5.4.0 and prior versions cpe:2.3:a:f5:big-iq_centralized_management >= 5.1.0 <= 5.4.0
  F5 Big-iq Centralized Management from 6.0.0 version and 6.1.0 and prior versions cpe:2.3:a:f5:big-iq_centralized_management >= 6.0.0 <= 6.1.0
  F5 Enterprise Manager 3.1.1 cpe:2.3:a:f5:enterprise_manager:3.1.1
  F5 Iworkflow 2.3.0 cpe:2.3:a:f5:iworkflow:2.3.0
  F5 Traffix Signaling Delivery Controller from 5.0.0 version and 5.1.0 and prior versions cpe:2.3:a:f5:traffix_signaling_delivery_controller >= 5.0.0 <= 5.1.0

Configuration #18

AND
    CPE23 From Up To
OR  
  Redhat Virtualization Host 4.0 cpe:2.3:a:redhat:virtualization_host:4.0
OR  
  Running on/with
  Redhat Enterprise Linux 7.0 cpe:2.3:o:redhat:enterprise_linux:7.0