CVE-2014-3359Missing Release of Memory after Effective Lifetime in Cisco IOS

CWE-3997 documents6 sources
Severity
7.8HIGHNVD
EPSS
1.1%
top 22.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco IOSCisco IOS XE
Timeline
PublishedSep 25
Latest updateMay 17

Description

Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, 3.6.xS, and 3.7.xS before 3.7.6S; 3.8.xS, 3.9.xS, and 3.10.xS before 3.10.1S; and 3.11.xS before 3.12S allows remote attackers to cause a denial of service (memory consumption or device reload) via malformed DHCPv6 packets, aka Bug ID CSCum90081.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

NVDcisco/ios4 versions+3
NVDcisco/ios_xe30 versions+29

🔴Vulnerability Details

2
GHSA
GHSA-r5hh-4cw7-qqc4: Memory leak in Cisco IOS 152022-05-17
CVEList
CVE-2014-3359: Memory leak in Cisco IOS 152014-09-25

📋Vendor Advisories

2
CISA ICS
Rockwell Automation Stratix 59002017-05-10
Cisco
Cisco IOS Software DHCP Version 6 Denial of Service Vulnerability2014-09-24

💬Community

2
Bugzilla
CVE-2014-9900 kernel: Info leak in uninitialized structure ethtool_wolinfo in ethtool_get_wol()2017-08-14
Bugzilla
CVE-2014-3859 bind: assertion failure during EDNS option processing2014-06-12
CVE-2014-3359 — Cisco IOS vulnerability | cvebase