CVE-2017-17141

LOW

Huawei - Buffer Overflow

Title source: llm

Description

Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products.

References (1)

[Vendor Advisory] http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171206-01-mpls-en

Scores

CVSS v3 3.7

EPSS 0.0018

EPSS Percentile 38.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Details

CWE

CWE-772

Status published

Products (50)

huawei/s12700_firmware v200r005c00

huawei/s12700_firmware v200r006c00

huawei/s12700_firmware v200r007c00

huawei/s12700_firmware v200r007c01

huawei/s12700_firmware v200r007c20

huawei/s12700_firmware v200r008c00

huawei/s12700_firmware v200r009c00

huawei/s1700_firmware v200r006c10

huawei/s1700_firmware v200r009c00

huawei/s2700_firmware v100r006c03

... and 40 more

Published Mar 05, 2018

Tracked Since Feb 18, 2026