CVE-2019-3900

Source
https://cve.org/CVERecord?id=CVE-2019-3900
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3900.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2019-3900
Downstream
Related
Published
2019-04-25T15:29:00.407Z
Modified
2026-02-24T11:38:57.947169Z
Severity
  • 7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An infinite loop issue was found in the vhostnet kernel module in Linux Kernel up to and including v5.1-rc6, while handling incoming packets in handlerx(). It could occur if one end sends packets faster than the other end can process them. A guest user, maybe remote one, could use this flaw to stall the vhost_net kernel thread, resulting in a DoS scenario.

References

Affected packages

Git
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
Events
Introduced
8fe28cb58bcb235034b64cbbb7550a8a43fd88be
Fixed
0ecfebd2b52404ae0c54a878c872bb93363ada36

Affected versions

v4.*
v4.20
v5.*
v5.0
v5.0-rc1
v5.0-rc2
v5.0-rc3
v5.0-rc4
v5.0-rc5
v5.0-rc6
v5.0-rc7
v5.0-rc8
v5.1
v5.1-rc1
v5.1-rc2
v5.1-rc3
v5.1-rc4
v5.1-rc5
v5.1-rc6
v5.1-rc7
v5.2-rc1
v5.2-rc2
v5.2-rc3
v5.2-rc4
v5.2-rc5
v5.2-rc6
v5.2-rc7

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3900.json"
github.com/checkstyle/checkstyle

Affected ranges

Type
GIT
Repo
https://github.com/checkstyle/checkstyle
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other
bcel
release1_1
release1_2
release1_3
release1_4
release2_0
release2_2
release2_4
release3_0
release3_1
release3_2
release3_3
release3_4
release4_0
release4_0_beta_1
release4_0_beta_2
release4_0_beta_3
release4_0_beta_4
release4_0_beta_5
release4_1
release4_2
release4_3
release4_4
release5_3
release5_4
release5_5
release5_6
release5_7
v2-branch_lmp
checkstyle-5.*
checkstyle-5.8
checkstyle-5.9
checkstyle-6.*
checkstyle-6.0
checkstyle-6.1
checkstyle-6.1.1
checkstyle-6.10
checkstyle-6.10.1
checkstyle-6.11
checkstyle-6.11.1
checkstyle-6.11.2
checkstyle-6.12
checkstyle-6.12.1
checkstyle-6.13
checkstyle-6.14
checkstyle-6.14.1
checkstyle-6.15
checkstyle-6.16
checkstyle-6.16.1
checkstyle-6.17
checkstyle-6.18
checkstyle-6.19
checkstyle-6.2
checkstyle-6.3
checkstyle-6.4
checkstyle-6.4.1
checkstyle-6.5
checkstyle-6.6
checkstyle-6.7
checkstyle-6.8
checkstyle-6.8.1
checkstyle-6.9
checkstyle-7.*
checkstyle-7.0
checkstyle-7.1
checkstyle-7.1.1
checkstyle-7.1.2
checkstyle-7.2
checkstyle-7.3
checkstyle-7.4
checkstyle-7.5
checkstyle-7.5.1
checkstyle-7.6
checkstyle-7.6.1
checkstyle-7.7
checkstyle-7.8
checkstyle-7.8.1
checkstyle-7.8.2
checkstyle-8.*
checkstyle-8.0
checkstyle-8.1
checkstyle-8.10
checkstyle-8.10.1
checkstyle-8.2
checkstyle-8.3
checkstyle-8.4
checkstyle-8.5
checkstyle-8.6
checkstyle-8.7
checkstyle-8.8
checkstyle-8.9

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3900.json"
vanir_signatures
[
    {
        "signature_type": "Line",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/api/JavadocTokenTypesTest.java"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-1337ed62",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "330783449895898490756523123912080443966",
                "211329588561842300411291328935119748590",
                "213335473798029909252127424008598975906",
                "59237672096858256397790723256279432533",
                "202743138070593260373554723328368231282",
                "54855662767261669893818210887353885885",
                "13220711924947749185391536602072999000",
                "239624186562695941056612124286120814699"
            ]
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/utils/JavadocUtilsTest.java",
            "function": "testGetTokenNameForLowerBoundInvalidId"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-15fff9a0",
        "signature_version": "v1",
        "digest": {
            "function_hash": "251828518032866550304416758956888341542",
            "length": 253.0
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/utils/JavadocUtilsTest.java"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-36548546",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "79051362574960102759184077249616579791",
                "139915517594237403462284197760163786126",
                "181515273874299777986811339415832867013",
                "211620816414269959643275459919778687078",
                "181993415527562832828189679908953834830",
                "327576928032556171137052786214372777530",
                "17851273704468831215773231152858683300",
                "308637961014553747925364979941159001339",
                "321723940989602473885352374175383191003",
                "205782275624595353211988703632924681754",
                "284927964502107770483183018484605798832",
                "55815529764773402201832410798008016195",
                "200145681589847390957386540235028938434"
            ]
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/main/java/com/puppycrawl/tools/checkstyle/api/JavadocTokenTypes.java"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-8ce50253",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "317882040206053455066057915000738642204",
                "87675796402599855558190118295172965921",
                "70327170075786414536983233354476761214",
                "287737240905024829312024010663308487848",
                "128943388809190120314050578088608893716",
                "169464091733456303866928285291570839216",
                "309037665555608347852434100136798276862"
            ]
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/grammars/javadoc/JavadocParseTreeTest.java"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-9396e84c",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "43107011772664489665314974789670267383",
                "204479065451930649296980961411896426862",
                "19061927379621398292831046916224295835"
            ]
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/utils/JavadocUtilsTest.java",
            "function": "testGetTokenNames"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-9e22469c",
        "signature_version": "v1",
        "digest": {
            "function_hash": "288265049863556219417251928001527812306",
            "length": 109.0
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/grammars/javadoc/GeneratedJavadocTokenTypesTest.java",
            "function": "testRuleNumbers"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-d7758f60",
        "signature_version": "v1",
        "digest": {
            "function_hash": "261526603684767633202958313733574576571",
            "length": 4559.0
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Line",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/grammars/javadoc/GeneratedJavadocTokenTypesTest.java"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-d78d2321",
        "signature_version": "v1",
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "23675366995699736357529571430061886362",
                "99052491524682567823728523078998028178",
                "88055791357096678314915215211507554832",
                "22237108984851818323672294360141278467",
                "121129236011644378832433326831203878368",
                "99474065213783021100161513576388432277",
                "331298648465641052220981915489006725629",
                "141019705209049253346213568137806403784"
            ]
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/api/JavadocTokenTypesTest.java",
            "function": "testTokenValues"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-e7ea67e9",
        "signature_version": "v1",
        "digest": {
            "function_hash": "206163383830211621143959656966745810187",
            "length": 9930.0
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    },
    {
        "signature_type": "Function",
        "target": {
            "file": "src/test/java/com/puppycrawl/tools/checkstyle/grammars/javadoc/GeneratedJavadocTokenTypesTest.java",
            "function": "testTokenNumbers"
        },
        "deprecated": false,
        "id": "CVE-2019-3900-ea014642",
        "signature_version": "v1",
        "digest": {
            "function_hash": "198050984030235009635825395411622204735",
            "length": 5404.0
        },
        "source": "https://github.com/checkstyle/checkstyle/commit/c77953b8a8ac160fbc83086b1dd80645e47f419e"
    }
]