cnvd - cnvd-2020-38785

cnvd-2020-38785

Vulnerability from cnvd

Title: FreeBSD CPU资源消耗漏洞

Description:

FreeBSD是由Core Team团队负责的FreeBSD项目中的一套类Unix自由操作系统，是经过BSD、386BSD和4.4BSD发展而来的类Unix的一个重要分支。

FreeBSD 11.2-RELEASE-p1之前版本、11.1-RELEASE-p12之前版本和10.4-RELEASE-p10之前版本中存在安全漏洞，该漏洞源于带有TCP段的数据结构使用了不合理的算法来重组数据。攻击者可利用该漏洞通过发送TCP流量利用该漏洞降低用户系统的网络性能和/或消耗大量CPU。

Severity: 中

Patch Name: FreeBSD CPU资源消耗漏洞的补丁

Patch Description:

FreeBSD是由Core Team团队负责的FreeBSD项目中的一套类Unix自由操作系统，是经过BSD、386BSD和4.4BSD发展而来的类Unix的一个重要分支。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc

Reference: https://securitytracker.com/id/1041425

Impacted products

Name
['Freebsd Freebsd <11.2-RELEASE-p1', 'Freebsd Freebsd <11.1-RELEASE-p12', 'Freebsd Freebsd <10.4-RELEASE-p10']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6922"
    }
  },
  "description": "FreeBSD\u662f\u7531Core Team\u56e2\u961f\u8d1f\u8d23\u7684FreeBSD\u9879\u76ee\u4e2d\u7684\u4e00\u5957\u7c7bUnix\u81ea\u7531\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u7ecf\u8fc7BSD\u3001386BSD\u548c4.4BSD\u53d1\u5c55\u800c\u6765\u7684\u7c7bUnix\u7684\u4e00\u4e2a\u91cd\u8981\u5206\u652f\u3002\n\nFreeBSD 11.2-RELEASE-p1\u4e4b\u524d\u7248\u672c\u300111.1-RELEASE-p12\u4e4b\u524d\u7248\u672c\u548c10.4-RELEASE-p10\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e26\u6709TCP\u6bb5\u7684\u6570\u636e\u7ed3\u6784\u4f7f\u7528\u4e86\u4e0d\u5408\u7406\u7684\u7b97\u6cd5\u6765\u91cd\u7ec4\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001TCP\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u964d\u4f4e\u7528\u6237\u7cfb\u7edf\u7684\u7f51\u7edc\u6027\u80fd\u548c/\u6216\u6d88\u8017\u5927\u91cfCPU\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-38785",
  "openTime": "2020-07-14",
  "patchDescription": "FreeBSD\u662f\u7531Core Team\u56e2\u961f\u8d1f\u8d23\u7684FreeBSD\u9879\u76ee\u4e2d\u7684\u4e00\u5957\u7c7bUnix\u81ea\u7531\u64cd\u4f5c\u7cfb\u7edf\uff0c\u662f\u7ecf\u8fc7BSD\u3001386BSD\u548c4.4BSD\u53d1\u5c55\u800c\u6765\u7684\u7c7bUnix\u7684\u4e00\u4e2a\u91cd\u8981\u5206\u652f\u3002\r\n\r\nFreeBSD 11.2-RELEASE-p1\u4e4b\u524d\u7248\u672c\u300111.1-RELEASE-p12\u4e4b\u524d\u7248\u672c\u548c10.4-RELEASE-p10\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e26\u6709TCP\u6bb5\u7684\u6570\u636e\u7ed3\u6784\u4f7f\u7528\u4e86\u4e0d\u5408\u7406\u7684\u7b97\u6cd5\u6765\u91cd\u7ec4\u6570\u636e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u53d1\u9001TCP\u6d41\u91cf\u5229\u7528\u8be5\u6f0f\u6d1e\u964d\u4f4e\u7528\u6237\u7cfb\u7edf\u7684\u7f51\u7edc\u6027\u80fd\u548c/\u6216\u6d88\u8017\u5927\u91cfCPU\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "FreeBSD CPU\u8d44\u6e90\u6d88\u8017\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Freebsd Freebsd \u003c11.2-RELEASE-p1",
      "Freebsd Freebsd \u003c11.1-RELEASE-p12",
      "Freebsd Freebsd \u003c10.4-RELEASE-p10"
    ]
  },
  "referenceLink": "https://securitytracker.com/id/1041425",
  "serverity": "\u4e2d",
  "submitTime": "2018-08-07",
  "title": "FreeBSD CPU\u8d44\u6e90\u6d88\u8017\u6f0f\u6d1e"
}

CVE-2018-6922 (GCVE-0-2018-6922)

Vulnerability from cvelistv5

Published

2018-08-09 18:00

Modified

2024-09-16 17:53

Severity ?

CWE

CWE-400 - Uncontrolled Resource Consumption ('Resource Exhaustion')

Summary

One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system's network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost.

References

▼	URL	Tags
	https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc	vendor-advisory, x_refsource_FREEBSD
	http://www.securitytracker.com/id/1041425	vdb-entry, x_refsource_SECTRACK
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105058	vdb-entry, x_refsource_BID
	https://security.netapp.com/advisory/ntap-20180815-0002/	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	FreeBSD	FreeBSD	Version: All versions prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, 10.4-RELEASE-p10

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:17:17.137Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FreeBSD-SA-18:08",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc"
          },
          {
            "name": "1041425",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041425"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "105058",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105058"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0002/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "status": "affected",
              "version": "All versions prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, 10.4-RELEASE-p10"
            }
          ]
        }
      ],
      "datePublic": "2018-08-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system\u0027s network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-16T18:57:01",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "FreeBSD-SA-18:08",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc"
        },
        {
          "name": "1041425",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041425"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "name": "105058",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105058"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0002/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "DATE_PUBLIC": "2018-08-08T00:00:00",
          "ID": "CVE-2018-6922",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FreeBSD",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, 10.4-RELEASE-p10"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FreeBSD"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "One of the data structures that holds TCP segments in all versions of FreeBSD prior to 11.2-RELEASE-p1, 11.1-RELEASE-p12, and 10.4-RELEASE-p10 uses an inefficient algorithm to reassemble the data. This causes the CPU time spent on segment processing to grow linearly with the number of segments in the reassembly queue. An attacker who has the ability to send TCP traffic to a victim system can degrade the victim system\u0027s network performance and/or consume excessive CPU by exploiting the inefficiency of TCP reassembly handling, with relatively small bandwidth cost."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400: Uncontrolled Resource Consumption (\u0027Resource Exhaustion\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FreeBSD-SA-18:08",
              "refsource": "FREEBSD",
              "url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:08.tcp.asc"
            },
            {
              "name": "1041425",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041425"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "105058",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105058"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0002/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2018-6922",
    "datePublished": "2018-08-09T18:00:00Z",
    "dateReserved": "2018-02-12T00:00:00",
    "dateUpdated": "2024-09-16T17:53:10.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted