CVE-2018-0132 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Cisco Carrier Routing System

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

8.6HIGHNVD

EPSS

1.4%

top 19.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Carrier Routing System

Timeline

PublishedFeb 8

Latest updateMay 13

Description

A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause inconsistency between the routing information base (RIB) and the FIB, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of extremely long routing updates. An attacker could exploit this vulnerability by sending a large routing update. A successful exploit could allow the attacker to trigger inconsistency b…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 3.9 | Impact: 4.0

Affected Packages1 packages

▶NVDcisco/carrier_routing_system5.3.0.rout

🔴Vulnerability Details

GHSA

GHSA-c9gw-ww29-cmh7: A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause incons↗2022-05-13

▶

CVEList

CVE-2018-0132: A vulnerability in the forwarding information base (FIB) code of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause incons↗2018-02-08

▶

📋Vendor Advisories

Cisco

Cisco IOS XR Software Routing and Forwarding Inconsistency Denial of Service Vulnerability↗2018-02-07

▶