CVE-2015-6272 — Integer Overflow or Wraparound in Cisco IOS XE

CWE-399 CWE-190 — Integer Overflow or Wraparound CWE-122 — Heap-based Buffer Overflow CWE-835 — Infinite Loop7 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.4%

top 37.61%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE

Timeline

PublishedAug 31

Latest updateMay 17

Description

Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when NAT Application Layer Gateway is used, allows remote attackers to cause a denial of service (Embedded Services Processor crash) via a crafted H.323 packet, aka Bug ID CSCsx35393, CSCsx07094, and CSCsw93064.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages1 packages

▶NVDcisco/ios_xe8 versions+7

🔴Vulnerability Details

GHSA

GHSA-j7x3-94fx-8397: Cisco IOS XE 2↗2022-05-17

▶

CVEList

CVE-2015-6272: Cisco IOS XE 2↗2015-08-31

▶

📋Vendor Advisories

Red Hat

libevent: multiple integer overflows in the evbuffer APIs↗2015-08-24

▶

Red Hat

libevent: potential heap overflow in buffer/bufferevent APIs↗2015-01-05

▶

💬Community

Bugzilla

CVE-2015-6525 libevent: multiple integer overflows in the evbuffer APIs↗2015-08-25

▶