Reset Search



SA43903 - Response to SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391)

« Go Back


Product Affected
SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391) are described as a TCP implementation denial of service vulnerability. A remote attacker can send crafted sequences of TCP/IP packets may cause excessive CPU utilization to create a denial of service (DOS) conditions on the system. This attack requires a successfully two-way TCP connection to an open port, thus the attacker cannot be performed using spoofed IP addresses.

These issues apply to the following releases:
  • Pulse Connect Secure 9.0RX
  • Pulse Connect Secure 8.3RX
  • Policy Pulse Secure 9.0RX
  • Pulse Policy Secure 5.4RX

Refer to KB43892 - What releases will Pulse Secure apply fixes to resolve security vulnerabilities? for additional release details as per the End of Engineering (EOE) and End of Life (EOL) policies.
Pulse Secure is working on a fix for these issues and will continue to update the advisory with tentative timelines.
Related Links
CVSS Score7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Risk Assessment
Alert TypeSA - Security Advisory
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy ID



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255