CVE-2018-0165 — Missing Release of Resource after Effective Lifetime in Cisco IOS XE

CWE-399 CWE-772 — Missing Release of Resource after Effective Lifetime4 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.3%

top 50.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco IOS XE

Timeline

PublishedMar 28

Latest updateMay 13

Description

A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust buffers on an affected device, resulting in a denial of service (DoS) condition, aka a Memory Leak. The vulnerability is due to the affected software insufficiently processing IGMP Membership Query packets that are sent to an affected device. An attacker could exploit this vulnerability by sending a large number of …

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:HExploitability: 2.8 | Impact: 4.0

Affected Packages1 packages

▶NVDcisco/ios_xe15.2\(3\)e, denali-16.3.3+1

🔴Vulnerability Details

GHSA

GHSA-4xw4-mm85-x43q: A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticat↗2022-05-13

▶

CVEList

CVE-2018-0165: A vulnerability in the Internet Group Management Protocol (IGMP) packet-processing functionality of Cisco IOS XE Software could allow an unauthenticat↗2018-03-28

▶

📋Vendor Advisories

Cisco

Cisco IOS XE Software Internet Group Management Protocol Memory Leak Vulnerability↗2018-03-28

▶