CVE-2011-3275Missing Release of Memory after Effective Lifetime in Cisco IOS

CWE-3995 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 37.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedOct 3
Latest updateMay 17

Description

Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x through 3.2.x, allows remote attackers to cause a denial of service (memory consumption) via a crafted SIP message, aka Bug ID CSCti48504.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios12.4, 15.0, 15.1+2
NVDcisco/ios_xe14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-47cw-xf65-434r: Memory leak in Cisco IOS 122022-05-17
CVEList
CVE-2011-3275: Memory leak in Cisco IOS 122011-10-03

💥Exploits & PoCs

1
Exploit-DB
VideoLAN VLC Media Player 1.1.4 - 'AMV' Dangling Pointer (Metasploit)2011-03-26

📋Vendor Advisories

1
Cisco
Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerabilities2011-09-28
CVE-2011-3275 — Cisco IOS vulnerability | cvebase