CVE-2023-24511

MEDIUM

Arista EOS - Memory Corruption

Title source: llm

Description

On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.

References (1)

[Exploit, Patch, Vendor Advisory] https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084

Scores

CVSS v3 5.3

EPSS 0.0004

EPSS Percentile 13.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-401

Status published

Affected Products (1)

arista/eos < 4.26.10m

Timeline

Published Apr 12, 2023

Tracked Since Feb 18, 2026