Sorry for the confusing question. I was reading an article on Arstechnica that claimed there is a DoS vulnerability.
"A vulnerability in FreeBSD 12 (tracked as CVE-2019-5599) works similarly to CVE-2019-11478 but instead interacts with the RACK send map of that OS."
arstechnica.com
But, when I go to the mentioned CVE on the NVD, it is just "reserved for future use". https://nvd.nist.gov/vuln/detail/CVE-2019-5599 (Note: by the time you read this, it may have been updated with actual information).
And when I checked the FreeBSD security page, there is no mention of it. In fact the last vulnerability listed was back in May and not related to a network based attack. I assume I don't need to link to the FreeBSD security page
.
So ... did the author release information that isn't public yet or has he got his facts wrong? If he did get a scoop, seams disappointing that it gets one single small paragraph when the rest of the article is about already published vulnerabilities.
[Edit:] Someone may have answered in off-topic. Netflix found and disclosed but NVD hasn't updated the record yet: https://forums.freebsd.org/threads/netflix-found-vulnerabilities-in-freebsd.71155/#post-430236
"A vulnerability in FreeBSD 12 (tracked as CVE-2019-5599) works similarly to CVE-2019-11478 but instead interacts with the RACK send map of that OS."
New vulnerabilities may let hackers remotely SACK Linux and FreeBSD systems
Netflix researchers discovered 4 flaws that could wreak havoc in data centers.
arstechnica.com
But, when I go to the mentioned CVE on the NVD, it is just "reserved for future use". https://nvd.nist.gov/vuln/detail/CVE-2019-5599 (Note: by the time you read this, it may have been updated with actual information).
And when I checked the FreeBSD security page, there is no mention of it. In fact the last vulnerability listed was back in May and not related to a network based attack. I assume I don't need to link to the FreeBSD security page
.So ... did the author release information that isn't public yet or has he got his facts wrong? If he did get a scoop, seams disappointing that it gets one single small paragraph when the rest of the article is about already published vulnerabilities.
[Edit:] Someone may have answered in off-topic. Netflix found and disclosed but NVD hasn't updated the record yet: https://forums.freebsd.org/threads/netflix-found-vulnerabilities-in-freebsd.71155/#post-430236
