CVE-2013-5565Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco IOS XR

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-20Improper Input Validation4 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.4%
top 40.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedNov 8
Latest updateMay 17

Description

The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers to cause a denial of service (process crash) via a malformed LSA Type-1 packet, aka Bug ID CSCuj82176.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDcisco/ios_xr5.1.0

🔴Vulnerability Details

2
GHSA
GHSA-xvpg-w2c9-f32f: The OSPFv3 functionality in Cisco IOS XR 52022-05-17
CVEList
CVE-2013-5565: The OSPFv3 functionality in Cisco IOS XR 52013-11-08

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software OSPFv3 Denial of Service Vulnerability2013-11-07
CVE-2013-5565 — Cisco IOS XR vulnerability | cvebase