CVE-2023-3646

CWE-125 — Out-of-bounds Read3 documents3 sources

Severity

7.5HIGH

EPSS

0.1%

top 64.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Arista EOS Arista Networks EOS

Timeline

PublishedAug 29

Description

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

▶NVDarista/eos4.29.0 — 4.29.2f+1

▶CVEListV5arista_networks/eos4.28.2F — 4.28.5.1M +1

🔴Vulnerability Details

GHSA

GHSA-mxrc-xx6x-q2cc: On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and c↗2023-08-29

▶

CVEList

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.↗2023-08-29

▶