The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.
References
Link | Resource |
---|---|
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e | Vendor Advisory |
http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2013/11/13/9 | Mailing List Patch |
http://www.ubuntu.com/usn/USN-2113-1 | Third Party Advisory |
http://www.ubuntu.com/usn/USN-2117-1 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1030015 | Issue Tracking |
https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e | Exploit Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2013-11-19T15:00:00
Updated: 2014-02-28T14:57:00
Reserved: 2013-06-12T00:00:00
Link: CVE-2013-4563
JSON object: View
NVD Information
Status : Analyzed
Published: 2013-11-20T13:19:41.697
Modified: 2023-05-19T16:50:53.503
Link: CVE-2013-4563
JSON object: View
Redhat Information
No data.
CWE