CVE-2016-5368 — Missing Release of Memory after Effective Lifetime in Huawei Ar3200 Firmware

CWE-3993 documents3 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ar3200 Firmware

Timeline

PublishedJun 30

Latest updateMay 17

Description

Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted Multiprotocol Label Switching (MPLS) packets.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDhuawei/ar3200_firmwarev200r005c20, v200r005c32, v200r007c00+2

🔴Vulnerability Details

GHSA

GHSA-8v92-hv25-c9p8: Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of↗2022-05-17

▶

CVEList

CVE-2016-5368: Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of service (memory consumption) via a large number of↗2016-06-30

▶