CVE-2024-7095
Severity
4.3MEDIUM
EPSS
0.1%
top 65.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJan 10
Description
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-fh6c-p6q9-8m5f: On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially↗2025-01-10
CVEList▶
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak↗2025-01-10