CVE-2005-0066
CVE-2005-0066 is a medium-severity vulnerability in Tcp with a CVSS 2.0 base score of 5.0. Its EPSS exploit-prediction score of 11% places it in the 95th percentile, indicating an elevated likelihood of exploitation.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 11% (95th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Tcp
- Published:
- Last modified:
Description
The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP acknowledgement number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
Frequently asked questions
- What is CVE-2005-0066?
- The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP acknowledgement number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
- How severe is CVE-2005-0066?
- CVE-2005-0066 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2005-0066 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 11% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2005-0066?
- CVE-2005-0066 affects Tcp. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2005-0066?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2005-0066 published?
- CVE-2005-0066 was published on 2004-12-22 and last updated on 2026-06-16.
References
Affected products (1)
- cpe:2.3:a:tcp:tcp:*:*:*:*:*:*:*:*
More vulnerabilities in Tcp
- CVE-2005-0065 — Critical (CVSS 10.0): The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of…
- CVE-2005-3675 — High (CVSS 7.8): The Transmission Control Protocol (TCP) allows remote attackers to cause a denial of service (bandwidth consumption) by…
- CVE-2005-0068 — Medium (CVSS 5.0): The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it…
- CVE-2005-0067 — Medium (CVSS 5.0): The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which…
- CVE-2004-1060 — Medium (CVSS 5.0): Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause…