Vulnerability DatabaseCVE-2018-5391
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2018-5391
September 06, 2018
The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
Related ResourcesĀ (38)
https://access.redhat.com/errata/RHSA-2018:3459
https://access.redhat.com/errata/RHSA-2018:3586
https://access.redhat.com/errata/RHSA-2018:2925
https://access.redhat.com/errata/RHSA-2018:2846
https://access.redhat.com/errata/RHSA-2018:3590
https://access.redhat.com/errata/RHSA-2018:2933
https://access.redhat.com/errata/RHSA-2018:2785
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://usn.ubuntu.com/3742-1/
https://people.canonical.com/~ubuntu-security/cve/CVE-2018-5391
https://access.redhat.com/errata/RHSA-2018:2924
https://usn.ubuntu.com/3742-2/
https://usn.ubuntu.com/3740-2/
http://www.securitytracker.com/id/1041637
https://access.redhat.com/errata/RHSA-2018:3083
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf
http://www.openwall.com/lists/oss-security/2019/06/28/2
https://www.kb.cert.org/vuls/id/641765
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f
http://www.openwall.com/lists/oss-security/2019/07/06/3
https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html
https://access.redhat.com/errata/RHSA-2018:3096
https://usn.ubuntu.com/3740-1/
https://support.f5.com/csp/article/K74374841?utm_source=f5support&amp%3Butm_medium=RSS
https://access.redhat.com/security/cve/CVE-2018-5391
http://www.openwall.com/lists/oss-security/2019/07/06/4
https://usn.ubuntu.com/3741-2/
https://access.redhat.com/errata/RHSA-2018:2948
https://www.debian.org/security/2018/dsa-4272
https://access.redhat.com/errata/RHSA-2018:3540
https://security.netapp.com/advisory/ntap-20181003-0002/
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en
https://usn.ubuntu.com/3741-1/
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt
https://access.redhat.com/errata/RHSA-2018:2791
https://security-tracker.debian.org/tracker/CVE-2018-5391
http://www.securityfocus.com/bid/105108
http://www.securitytracker.com/id/1041476
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.7
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
ATTACKED
CVSS v3
Base Score:
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Exploit Maturity
HIGH
CVSS v2
Base Score:
7.8
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Input Validation
CWE-20
Uncontrolled Resource Consumption
CWE-400
EPSS
Base Score:
3.82