ASA-2019-00498 – Wind River VxWorks: Denial of Service (DoS) of TCP connection via malformed TCP options

A specially crafted packet containing illegal TCP options can cause the victim not only to drop the TCP segment but also to drop the TCP session. This vulnerability affects established TCP sessions. An attacker who can determine the source and destination TCP ports and IP addresses of a session can inject invalid TCP segments into the flow, causing the TCP session to be reset. An application will see this as an ECONNRESET error when it uses the socket after such an attack. The most likely outcome is a crash of the application reading from the affected socket.
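
An application-side way to survive the reset described above, as an added example that is not from the advisory or from Wind River: a receive helper that reports ECONNRESET as its own status, so the caller can discard the partial frame and reconnect instead of crashing. It assumes the application reads through BSD-style sockets; `recv_exact`, `rx_status`, `demo_reset` and the stub are hypothetical names, and the stub's input is constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/types.h>
#include <sys/socket.h>

/* Outcome of one framed read (hypothetical names for this example). */
enum rx_status { RX_OK, RX_PEER_CLOSED, RX_SESSION_RESET, RX_ERROR };

/* Same signature as recv(); injectable so the reset path can be exercised
   without a live network peer. Pass recv itself in production code. */
typedef ssize_t (*recv_fn)(int, void *, size_t, int);

/* Read exactly len bytes. *got always holds the number of valid bytes in
   buf, so the caller never indexes with a negative recv() result. */
enum rx_status recv_exact(recv_fn rx, int fd, void *buf, size_t len, size_t *got)
{
    unsigned char *p = buf;
    *got = 0;
    while (*got < len) {
        ssize_t n = rx(fd, p + *got, len - *got, 0);
        if (n > 0) { *got += (size_t)n; continue; }
        if (n == 0) return RX_PEER_CLOSED;                /* orderly close */
        if (errno == EINTR) continue;                     /* interrupted, retry */
        if (errno == ECONNRESET) return RX_SESSION_RESET; /* session was reset */
        return RX_ERROR;                                  /* any other failure */
    }
    return RX_OK;
}

/* Constructed stand-in for recv(): delivers 3 bytes, then reports a reset. */
static int stub_calls;
static ssize_t stub_recv_reset(int fd, void *buf, size_t len, int flags)
{
    (void)fd; (void)flags;
    if (stub_calls++ == 0 && len >= 3) {
        unsigned char *b = buf; b[0] = 'a'; b[1] = 'b'; b[2] = 'c';
        return 3;
    }
    errno = ECONNRESET;
    return -1;
}

/* Drives recv_exact() through the reset; returns bytes received, or -1. */
int demo_reset(void)
{
    unsigned char frame[8];
    size_t got;
    stub_calls = 0;
    enum rx_status st = recv_exact(stub_recv_reset, 0, frame, sizeof frame, &got);
    return st == RX_SESSION_RESET ? (int)got : -1;
}
```

Handling the error this way limits the impact to a dropped session that the application can re-establish; it does not prevent the reset itself.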