CVE-2016-8782 — Missing Release of Memory after Effective Lifetime in Technologies CO LTD Cloudengine 12800

CWE-3994 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 67.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies CO LTD Cloudengine 12800 Huawei Cloudengine 12800 Firmware

Timeline

PublishedMar 9

Latest updateMay 14

Description

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDhuawei/cloudengine_12800_firmware5 versions+4

▶CVEListV5huawei_technologies_co_ltd/cloudengine_12800CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00

🔴Vulnerability Details

GHSA

GHSA-f5m4-rwp6-74j3: Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability↗2022-05-14

▶

CVEList

CVE-2016-8782: Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability↗2018-03-09

▶

💬Community

Bugzilla

CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 libtiff: invalid assertion↗2016-01-25

▶