CVE-2018-6923

EUVD-2018-18667
In FreeBSD before 11.1-STABLE, 11.2-RELEASE-p2, 11.1-RELEASE-p13, ip fragment reassembly code is vulnerable to a denial of service due to excessive system resource consumption. This issue can allow a remote attacker who is able to send an arbitrary ip fragments to cause the machine to consume excessive resources.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
freebsdfreebsd
2.2
freebsdfreebsd
3.0
freebsdfreebsd
4.3
freebsdfreebsd
4.4
freebsdfreebsd
4.5
freebsdfreebsd
4.6
freebsdfreebsd
4.7
freebsdfreebsd
4.8
freebsdfreebsd
4.9
freebsdfreebsd
4.10
freebsdfreebsd
4.11
freebsdfreebsd
5.0
freebsdfreebsd
5.1
freebsdfreebsd
5.2
freebsdfreebsd
5.3
freebsdfreebsd
5.4
freebsdfreebsd
5.5
freebsdfreebsd
6.0
freebsdfreebsd
6.1
freebsdfreebsd
6.2
freebsdfreebsd
6.3
freebsdfreebsd
6.4
freebsdfreebsd
7.0
freebsdfreebsd
7.1
freebsdfreebsd
7.2
freebsdfreebsd
7.3
freebsdfreebsd
7.4
freebsdfreebsd
8.0
freebsdfreebsd
8.1
freebsdfreebsd
8.2
freebsdfreebsd
8.3
freebsdfreebsd
8.4
freebsdfreebsd
9.0
freebsdfreebsd
9.1
freebsdfreebsd
9.2
freebsdfreebsd
9.3
freebsdfreebsd
10.0
freebsdfreebsd
11.0
freebsdfreebsd
11.1
freebsdfreebsd
11.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/105336
http://www.securitytracker.com/id/1041505
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc
http://www.securityfocus.com/bid/105336
http://www.securitytracker.com/id/1041505
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:10.ip.asc