CVE-2013-4563
Severity CVSS v4.0: Pending analysis
Type: CWE-189 Numeric Errors
Publication date: 20/11/2013
Last modified: 11/04/2025
Description
The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.
Impact
Base Score 2.0: 7.10
Severity 2.0: HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.9.8 (including) | 3.10.23 (including) |
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 3.11 (including) | 3.12.4 (excluding) |
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:* | | |
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommit%3Bh%3D0e033e04c2678dbbe74a46b23fffb7bb918c288e
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
- http://www.openwall.com/lists/oss-security/2013/11/13/9
- http://www.ubuntu.com/usn/USN-2113-1
- http://www.ubuntu.com/usn/USN-2117-1
- https://bugzilla.redhat.com/show_bug.cgi?id=1030015
- https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e