SA43903 - Response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)



Product Affected
SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391) are described as TCP implementation denial of service vulnerabilities. A remote attacker can send crafted sequences of TCP/IP packets that may cause excessive CPU utilization, creating a denial of service (DoS) condition on the system. This attack requires a successful two-way TCP connection to an open port, so it cannot be performed using spoofed IP addresses.

These issues apply to the following releases:
  • Pulse Connect Secure 9.0RX
  • Pulse Connect Secure 8.3RX
  • Pulse Policy Secure 9.0RX
  • Pulse Policy Secure 5.4RX

Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? for additional release details as per the End of Engineering (EOE) and End of Life (EOL) policies.
These issues will be resolved in the following releases:
  • Pulse Connect Secure 9.0R4
  • Pulse Policy Secure 9.0R4
Pulse Secure is working on a fix for other versions and will continue to update the advisory with tentative timelines.

Document History:
October 2, 2018 - Initial publication
April 29, 2019 - Updated fixed version for Pulse Connect Secure and Pulse Policy Secure

CVSS Score: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Alert Type: SA - Security Advisory
Risk Level: High


