CVE-2016-8784

CWE-3994 documents4 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 78.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies Co., Ltd. Cloudengine 12800 Huawei Cloudengine 12800 Firmware

Timeline

PublishedMar 9

Latest updateMay 14

Description

Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDhuawei/cloudengine_12800_firmware5 versions+4

▶CVEListV5huawei_technologies_co.,_ltd./cloudengine_12800CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00

🔴Vulnerability Details

GHSA

GHSA-gwgg-4mwq-8v75: Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability↗2022-05-14

▶

CVEList

CVE-2016-8784: Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, V100R005C10, V100R006C00 have a memory leak vulnerability↗2018-03-09

▶

💬Community

Bugzilla

CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()↗2016-01-25

▶