CVE-2008-3817 — Missing Release of Memory after Effective Lifetime in Cisco PIX Security Appliance

CWE-399 CWE-2644 documents4 sources

Severity

7.8HIGHNVD

EPSS

1.5%

top 18.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco PIX Security Appliance

Timeline

PublishedOct 23

Latest updateMay 2

Description

Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8.0 before 8.0(4) and 8.1 before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via an unspecified sequence of packets, related to the "initialization code for the hardware crypto accelerator."

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/pix_security_appliance8.0, 8.1+1

Patches

Patch: www.cisco.com ↗Patch: www.cisco.com ↗

🔴Vulnerability Details

GHSA

GHSA-7h25-phc4-5m3h: Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8↗2022-05-02

▶

CVEList

CVE-2008-3817: Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security Appliances 8↗2008-10-23

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco PIX and Cisco ASA↗2008-10-22

▶