Description
Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161221-01-ldp-en
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/95079
Scores
CVSS v3
4.3
EPSS
0.0007
EPSS Percentile
21.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-399
Status
published
Products (5)
huawei/cloudengine_12800_firmware
v100r003c00
huawei/cloudengine_12800_firmware
v100r003c10
huawei/cloudengine_12800_firmware
v100r005c00
huawei/cloudengine_12800_firmware
v100r005c10
huawei/cloudengine_12800_firmware
v100r006c00
Published
Mar 09, 2018
Tracked Since
Feb 18, 2026