CVE-2013-3464 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XR

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-20 — Improper Input Validation7 documents6 sources

Severity

4.6MEDIUMNVD

EPSS

0.1%

top 67.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XR

Timeline

PublishedAug 13

Latest updateMay 17

Description

Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload) by starting an outbound flood of large ICMP Echo Request packets and stopping this with a CTRL-C sequence, aka Bug ID CSCui60347.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.1 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios_xr57 versions+56

🔴Vulnerability Details

GHSA

GHSA-25r8-4ph4-p8ww: Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload)↗2022-05-17

▶

CVEList

CVE-2013-3464: Cisco IOS XR allows local users to cause a denial of service (Silicon Packet Processor memory corruption, improper mutex handling, and device reload)↗2013-08-12

▶

📋Vendor Advisories

Red Hat

WS: Incomplete fix for CVE-2013-2133↗2014-08-06

▶

Cisco

Cisco IOS XR Internet Control Message Protocol Denial of Service Vulnerability↗2013-08-13

▶

💬Community

Bugzilla

CVE-2014-3464 JBoss WS: Incomplete fix for CVE-2013-2133↗2014-05-28

▶