Description
Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161214-01-ldp-en
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/94941
Scores
CVSS v3
5.3
EPSS
0.0013
EPSS Percentile
31.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-399
Status
published
Products (5)
huawei/cloudengine_12800_firmware
v100r003c00
huawei/cloudengine_12800_firmware
v100r003c10
huawei/cloudengine_12800_firmware
v100r005c00
huawei/cloudengine_12800_firmware
v100r005c10
huawei/cloudengine_12800_firmware
v100r006c00
Published
Mar 09, 2018
Tracked Since
Feb 18, 2026