CVE-2018-5254 β€” Deserialization of Untrusted Data in EOS

CWE-417CWE-502 β€” Deserialization of Untrusted Data5 documents5 sources
Severity
7.5HIGHNVD
GHSA9.8
EPSS
0.6%
top 30.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Arista EOS
Timeline
PublishedApr 12
Latest updateMay 14

Description

Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of service (Rib agent restart) via a malformed path attribute in an UPDATE message.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

β–ΆNVDarista/eos< 4.20.2f

πŸ”΄Vulnerability Details

3
GHSA
GHSA-fwcg-fqr6-423c: Arista EOS before 4β†—2022-05-14
β–Ά
GHSA
Apache NiFi JMS Deserialization issue↗2022-05-14
β–Ά
CVEList
CVE-2018-5254: Arista EOS before 4β†—2018-04-12
β–Ά

πŸ“‹Vendor Advisories

1
Apache
Apache nifi: CVE-2018-1310β†—
β–Ά
CVE-2018-5254 β€” Deserialization of Untrusted Data | cvebase