CVE-2008-4609

Description

The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.

How to fix CVE-2008-4609

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/linux—no fix listed

Is CVE-2008-4609 being exploited?

Moderate — EPSS is 32.1%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2008-4609