How severe is CVE-2019-11479?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2019-11479?

This is classified as CWE-405, which is a common weakness in software security.

CVE-2019-11479 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.

Related Vulnerabilities

CVE-2024-34702

MEDIUM

CVSS:5.3(Medium)

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to 3.5.0 and 2.19.5, checking...

CWE-4052024

CVE-2024-0450

MEDIUM

CVSS:6.2(Medium)

An issue was found in the CPython `zipfile` module affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploi...

CWE-4052024

CVE-2024-40705

MEDIUM

CVSS:6.5(Medium)

IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279.

CWE-4052024

CVE-2018-15492

HIGH

CVSS:7.5(High)

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.

CWE-4052018

CVE-2021-21359

HIGH

CVSS:7.5(High)

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler ...

CWE-4052021

CVE-2021-38447

HIGH

CVSS:7.5(High)

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.

CWE-4052021