CVE-2016-8782

Name of the Vulnerable Software and Affected Versions Huawei CloudEngine 12800 versions V100R003C00 through V100R006C00

Description The issue is related to a memory leak. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak.

Recommendations For Huawei CloudEngine 12800 versions V100R003C00 through V100R006C00, as a temporary workaround, consider restricting access to the LDP processing module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.