CVE-2009-5039Missing Release of Resource after Effective Lifetime in Cisco IOS

CWE-772Missing Release of Resource after Effective Lifetime3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 30.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS
Timeline
PublishedJan 7
Latest updateMay 2

Description

Memory leak in the gk_circuit_info_do_in_acf function in the H.323 implementation in Cisco IOS before 15.0(1)XA allows remote attackers to cause a denial of service (memory consumption) via a large number of calls over a long duration, as demonstrated by InterZone Clear Token (IZCT) test traffic, aka Bug ID CSCsz72535.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios< 15.0\(1\)xa

🔴Vulnerability Details

2
GHSA
GHSA-wp76-m554-xw7f: Memory leak in the gk_circuit_info_do_in_acf function in the H2022-05-02
CVEList
CVE-2009-5039: Memory leak in the gk_circuit_info_do_in_acf function in the H2011-01-07
CVE-2009-5039 — Cisco IOS vulnerability | cvebase