Vulnerability Details : CVE-2013-4563
The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux kernel through 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly perform a certain size comparison before inserting a fragment header, which allows remote attackers to cause a denial of service (panic) via a large IPv6 UDP packet, as demonstrated by use of the Token Bucket Filter (TBF) queueing discipline.
Vulnerability category: Denial of service
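The "certain size comparison" in the description is the headroom check udp6_ufo_fragment performs before it shifts the link-layer and IPv6 headers forward to make room for an 8-byte IPv6 fragment header. The fix commit referenced below changes that check from the free space in front of skb->data to the free space in front of the MAC header; once the stack has pulled skb->data past the MAC, IPv6 and UDP headers, the former looks large even when the latter is too small, and the header shift runs off the front of the buffer. The following C program is an added, heavily simplified model of that comparison written for this page; it is not kernel code. The toy_skb struct, the header constants, run_scenario() and the buffer layout are hypothetical stand-ins constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-in for the kernel's sk_buff (example
 * scaffolding, not kernel code). head is the start of the allocation,
 * mac_hdr the start of the link-layer header, data the current skb->data
 * after the IPv6/UDP layers have pulled their headers off the front. */
struct toy_skb {
    unsigned char *head;
    unsigned char *data;
    unsigned char *mac_hdr;
};

/* Assumed header sizes: Ethernet, IPv6, UDP, IPv6 fragment header. */
enum { L2_HDR = 14, IPV6_HDR = 40, UDP_HDR = 8, FRAG_HDR_SZ = 8 };

/* Vulnerable comparison: free space in front of skb->data. After the
 * headers have been pulled this is large even when there is no room in
 * front of the MAC header, which is what actually gets shifted. */
static bool vuln_has_room(const struct toy_skb *skb, size_t tnl_hlen)
{
    return (size_t)(skb->data - skb->head) >= tnl_hlen + FRAG_HDR_SZ;
}

/* Corrected comparison: free space in front of the MAC header. */
static bool fixed_has_room(const struct toy_skb *skb, size_t tnl_hlen)
{
    return (size_t)(skb->mac_hdr - skb->head) >= tnl_hlen + FRAG_HDR_SZ;
}

/* Model of inserting the fragment header: the L2 + IPv6 headers move
 * FRAG_HDR_SZ bytes toward the front of the buffer. Returns false instead
 * of writing before head; in the real kernel that write is caught by
 * skb_under_panic(), i.e. the panic this CVE describes. */
static bool insert_frag_hdr(struct toy_skb *skb)
{
    if ((size_t)(skb->mac_hdr - skb->head) < FRAG_HDR_SZ)
        return false;
    unsigned char *new_mac = skb->mac_hdr - FRAG_HDR_SZ;
    memmove(new_mac, skb->mac_hdr, L2_HDR + IPV6_HDR);
    skb->mac_hdr = new_mac;
    return true;
}

/* Constructed scenario: a buffer with front_room bytes ahead of the MAC
 * header, headers already pulled (as after the qdisc hands the packet to
 * the device), then the segmentation step with one of the two checks.
 * Returns 1 = check passed and the header fit, 0 = check refused (the
 * kernel would grow the headroom first), -1 = check passed but the
 * insertion would have written before head (the panic). */
int run_scenario(size_t front_room, bool use_fixed)
{
    unsigned char buf[256];
    struct toy_skb skb;

    memset(buf, 0, sizeof buf);
    skb.head = buf;
    skb.mac_hdr = buf + front_room;
    skb.data = skb.mac_hdr + L2_HDR + IPV6_HDR + UDP_HDR;

    bool ok = use_fixed ? fixed_has_room(&skb, 0) : vuln_has_room(&skb, 0);
    if (!ok)
        return 0;
    return insert_frag_hdr(&skb) ? 1 : -1;
}

int main(void)
{
    printf("4 bytes in front, vulnerable check: %d\n", run_scenario(4, false));
    printf("4 bytes in front, fixed check:      %d\n", run_scenario(4, true));
    printf("16 bytes in front, either check:    %d %d\n",
           run_scenario(16, false), run_scenario(16, true));
    return 0;
}
```

With only 4 bytes in front of the MAC header the vulnerable check still passes (62 bytes of pulled headers count as headroom) and the insertion underruns the buffer, while the corrected check refuses and the caller would expand the head instead; with 16 bytes in front both checks pass and the shift fits. The tunnel header length is fixed at zero here because the page's scenario (UFO device plus TBF) does not involve encapsulation.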
Threat overview for CVE-2013-4563
Top countries where our scanners detected CVE-2013-4563
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2013-4563: 153,685
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-4563
Probability of exploitation activity in the next 30 days: 1.49%
Percentile (proportion of vulnerabilities scored at or below this one): ~85%
CVSS scores for CVE-2013-4563 (CVSS v2 vector)
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
7.1 | HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C | 8.6 | 6.9 | NIST
CWE ids for CVE-2013-4563
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-4563
- https://bugzilla.redhat.com/show_bug.cgi?id=1030015
  Red Hat Bugzilla 1030015: (CVE-2013-4563) kernel: net: large udp packet over IPv6 over UFO-enabled device with TBF qdisc panic (Issue Tracking)
- http://lists.opensuse.org/opensuse-security-announce/2014-02/msg00003.html
  openSUSE-SU-2014:0205-1: important: kernel to 3.11.1 (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2013/11/13/9
  oss-security: CVE-2013-4563 -- Linux kernel: net: large udp packet over IPv6 over UFO-enabled device with TBF qdisc panic (Mailing List; Patch)
- http://www.ubuntu.com/usn/USN-2117-1
  USN-2117-1: Linux kernel vulnerabilities, Ubuntu security notices (Third Party Advisory)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=0e033e04c2678dbbe74a46b23fffb7bb918c288e
  Upstream fix commit 0e033e04c2678dbbe74a46b23fffb7bb918c288e on git.kernel.org (Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2113-1
  USN-2113-1: Linux kernel (Saucy HWE) vulnerabilities, Ubuntu security notices (Third Party Advisory)
- https://github.com/torvalds/linux/commit/0e033e04c2678dbbe74a46b23fffb7bb918c288e
  The same fix commit, mirrored on GitHub (Exploit; Patch)
Products affected by CVE-2013-4563
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*