CVE-2008-4609

high

Description

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

References

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-048

http://www.us-cert.gov/cas/techalerts/TA09-251A.html

http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

http://marc.info/?l=bugtraq&m=125856010926699&w=2

Details

Source: Mitre, NVD

Published: 2008-10-20

Updated: 2022-12-14

Risk Information

CVSS v2

Base Score: 7.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High