CVE-2009-1154Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XR

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-3994 documents4 sources
Severity
3.3LOWNVD
EPSS
0.5%
top 35.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedAug 21
Latest updateMay 2

Description

Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 6.4 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios_xr3.8.1+18

Patches

Patch: www.cisco.comPatch: www.cisco.com

🔴Vulnerability Details

2
GHSA
GHSA-6qm4-24f4-g249: Cisco IOS XR 32022-05-02
CVEList
CVE-2009-1154: Cisco IOS XR 32009-08-21

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software Border Gateway Protocol Vulnerabilities2009-08-18
CVE-2009-1154 — Cisco IOS XR vulnerability | cvebase