A crafted sequence of SACKs will fragment the TCP retransmission queue, causing resource exhaustion. A malicious actor must have network access to an affected system including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade performance.
Tag: vRealize Code Stream
ASA-2019-00406 – VMware: Selective Acknowledgement (SACK) Panic
A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic. A malicious actor must have network access to an affected system including the ability to send traffic with low MSS values to the target. Successful exploitation of these issues may cause the target system to crash or significantly degrade performance.