CVE-2011-0941 — Missing Release of Memory after Effective Lifetime in Cisco IOS

CWE-3994 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 37.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS Cisco Unified Communications Manager

Timeline

PublishedNov 1

Latest updateMay 17

Description

Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su3, 8.x before 8.0(3a)su1, and 8.5 before 8.5(1), and Cisco IOS 12.4 and 15.1, allows remote attackers to cause a denial of service (memory consumption and process failure or device reload) via a malformed SIP message, aka Bug IDs CSCti75128 and CSCtj09179.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶NVDcisco/unified_communications_manager51 versions+50

▶NVDcisco/ios12.4, 15.1+1

🔴Vulnerability Details

GHSA

GHSA-4prw-wg9m-4gxq: Memory leak in Cisco Unified Communications Manager (CUCM) 6↗2022-05-17

▶

CVEList

CVE-2011-0941: Memory leak in Cisco Unified Communications Manager (CUCM) 6↗2011-11-01

▶

📋Vendor Advisories

Cisco

Cisco IOS Software and Cisco Unified Communications Manager Session Initiation Protocol Packet Processing Memory Leak Vulnerability↗2011-11-07

▶