First published: Mon Aug 26 2019(Updated: )
OpenBSD kernel version <= 6.5 can be forced to create long chains of TCP SACK holes that causes very expensive calls to tcp_sack_option() for every incoming SACK packet which can lead to a denial of service.
Credit: cve@checkpoint.com
Affected Software | Affected Version | How to fix |
---|---|---|
Openbsd Openbsd | <=6.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-8460 is a vulnerability in the OpenBSD kernel version <= 6.5 that allows an attacker to force the creation of long chains of TCP SACK holes, leading to a denial of service.
CVE-2019-8460 has a severity rating of 7.5 (high).
OpenBSD versions up to and including 6.5 are affected by CVE-2019-8460.
An attacker can exploit the CVE-2019-8460 vulnerability by forcing the OpenBSD kernel to create long chains of TCP SACK holes, causing expensive calls to tcp_sack_option() for every incoming SACK packet.
Applying the patch provided by OpenBSD is recommended to fix the CVE-2019-8460 vulnerability. The patch can be downloaded from the official OpenBSD website.