CVE-2024-9135

MEDIUM

Arista EOS Use-After-Free in BGP Link State Agent

Title source: llm

Description

On affected platforms running Arista EOS with BGP Link State configured, BGP peer flap can cause the BGP agent to leak memory. This may result in BGP routing processing being terminated and route flapping.

References (1)

Core 1

Core References

Various Sources

https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110

Scores

CVSS v3 5.3

EPSS 0.0033

EPSS Percentile 25.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-401

Status published

Products (6)

Arista Networks/EOS 4.27.0 - 4.27.1

Arista Networks/EOS 4.28.0

Arista Networks/EOS 4.29.0 - 4.29.9.1

Arista Networks/EOS 4.30.0 - 4.30.8.1

Arista Networks/EOS 4.31.0 - 4.31.5

Arista Networks/EOS 4.33.0

Published Mar 04, 2025

Tracked Since Feb 18, 2026