5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.003 Low
EPSS
Percentile
66.3%
Problem Description:
When a segment with the SYN flag for an already existing
connection arrives, the TCP stack tears down the connection,
bypassing a check that the sequence number in the segment
is in the expected window.
Impact:
An attacker who has the ability to spoof IP traffic can
tear down a TCP connection by sending only 2 packets, if
they know both TCP port numbers. In case one of the two
port numbers is unknown, a successful attack requires less
than 2**17 packets spoofed, which can be generated within
less than a second on a decent connection to the Internet.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | freebsd-kernel | = 10.0 | UNKNOWN |
FreeBSD | any | noarch | freebsd-kernel | < 10.0_9 | UNKNOWN |