FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Resource exhaustion in non-default RACK TCP stack

Affected packages
12.0 <= FreeBSD-kernel < 12.0_6


VuXML ID c294c2e6-b309-11e9-a87f-a4badb2f4699
Discovery 2019-06-19
Entry 2019-07-30

Problem Description:

While processing acknowledgements, the RACK code uses several linked lists to maintain state entries. A malicious attacker can cause the lists to grow unbounded. This can cause an expensive list traversal on every packet being processed, leading to resource exhaustion and a denial of service.


An attacker with the ability to send specially crafted TCP traffic to a victim system can degrade network performance and/or consume excessive CPU by exploiting the inefficiency of traversing the potentially very large RACK linked lists with relatively small bandwidth cost.


CVE Name CVE-2019-5599
FreeBSD Advisory SA-19:08.rack