CVE-2016-6355Missing Release of Memory after Effective Lifetime in Cisco IOS XR

CWE-3994 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 26.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco IOS XR
Timeline
PublishedAug 23
Latest updateMay 17

Description

Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, and 5.3.x through 5.3.2 on ASR 9001 devices allows remote attackers to cause a denial of service (control-plane protocol outage) via crafted fragmented packets, aka Bug ID CSCux26791.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDcisco/ios_xr14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-xqv4-m752-6vpr: Memory leak in Cisco IOS XR 52022-05-17
CVEList
CVE-2016-6355: Memory leak in Cisco IOS XR 52016-08-23

📋Vendor Advisories

1
Cisco
Cisco IOS XR Software for Cisco ASR 9001 Aggregation Services Routers Fragmented Packet Denial of Service Vulnerability2016-08-10
CVE-2016-6355 — Cisco IOS XR vulnerability | cvebase