7.5
CWE
1049
Advisory Published
Updated

CVE-2019-8460

First published: Mon Aug 26 2019(Updated: )

OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.

Credit: cve@checkpoint.com

Affected SoftwareAffected VersionHow to fix
Openbsd Openbsd<=6.5
Siemens CloudConnect 712<1.1.5
1.1.5
Siemens ROX II<2.13.3
2.13.3
Siemens RUGGEDCOM APE 1404 Linux: All versions prior to Debian 9 Linux Image 2019-12-13
Siemens RUGGEDCOM RM1224 (6GK6108-4AM00)<6.2
6.2
Siemens RUGGEDCOM RX 1400 VPE Debian Linux: All versions prior to Debian 9 Linux Image 2019-12-13
Siemens RUGGEDCOM RX 1400 VPE Linux CloudConnect: All versions prior to Debian 9 Linux Image 2019-12-13 13 (only affected by CVE-2019-11479)
Siemens SCALANCE M804PB (6GK5804-0AP00-2AA2)<6.2
6.2
Siemens SCALANCE M812-1 ADSL-Router (Annex A) (6GK5812-1AA00-2AA2)<6.2
6.2
Siemens SCALANCE M812-1 ADSL-Router (Annex B) (6GK5812-1BA00-2AA2)<6.2
6.2
Siemens SCALANCE M816-1 ADSL-Router (Annex A) (6GK5816-1AA00-2AA2)<6.2
6.2
Siemens SCALANCE M816-1 ADSL-Router (Annex B) (6GK5816-1BA00-2AA2)<6.2
6.2
Siemens SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2)<6.2
6.2
Siemens SCALANCE M874-2 (6GK5874-2AA00-2AA2)<6.2
6.2
Siemens SCALANCE M874-3 (6GK5874-3AA00-2AA2)<6.2
6.2
Siemens SCALANCE M875
Siemens SCALANCE M876-3 (6GK5876-3AA02-2BA2)<6.2
6.2
Siemens SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2)<6.2
6.2
Siemens SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2)<6.2
6.2
Siemens SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2)<6.2
6.2
Siemens SCALANCE S602<4.1
4.1
Siemens SCALANCE S612<4.1
4.1
Siemens SCALANCE S615 (6GK5615-0AA00-2AA2)<6.2
6.2
Siemens SCALANCE S623<4.1
4.1
Siemens SCALANCE S627-2M<4.1
4.1
Siemens SCALANCE SC622-2C (6GK5622-2GS00-2AC2)<2.0.1
2.0.1
Siemens SCALANCE SC632-2C (6GK5632-2GS00-2AC2)<2.0.1
2.0.1
Siemens SCALANCE SC636-2C (6GK5636-2GS00-2AC2)<2.0.1
2.0.1
Siemens SCALANCE SC642-2C (6GK5642-2GS00-2AC2)<2.0.1
2.0.1
Siemens SCALANCE SC646-2C (6GK5646-2GS00-2AC2)<2.0.1
2.0.1
Siemens SCALANCE W1750D<8.6.0
8.6.0
Siemens SCALANCE W-700 IEEE 802.11n family<6.4
6.4
Siemens SCALANCE W-1700 IEEE 802.11ac family<2.0
2.0
Siemens SCALANCE WLC711
Siemens SCALANCE WLC712
Siemens SIMATIC CM 1542-1<3.0
3.0
Siemens SIMATIC CP 343-1 Advanced (incl. SIPLUS variants)

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2019-8460?

    CVE-2019-8460 is a vulnerability in the OpenBSD kernel version <= 6.5 that allows an attacker to force the creation of long chains of TCP SACK holes, leading to a denial of service.

  • How severe is CVE-2019-8460?

    CVE-2019-8460 has a severity rating of 7.5 (high).

  • Which version of OpenBSD is affected by CVE-2019-8460?

    OpenBSD versions up to and including 6.5 are affected by CVE-2019-8460.

  • How can the CVE-2019-8460 vulnerability be exploited?

    An attacker can exploit the CVE-2019-8460 vulnerability by forcing the OpenBSD kernel to create long chains of TCP SACK holes, causing expensive calls to tcp_sack_option() for every incoming SACK packet.

  • What is the recommended fix for CVE-2019-8460?

    Applying the patch provided by OpenBSD is recommended to fix the CVE-2019-8460 vulnerability. The patch can be downloaded from the official OpenBSD website.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203