CVE-2016-8784

Name of the Vulnerable Software and Affected Versions Huawei CloudEngine 12800 versions V100R003C00 through V100R006C00

Description The issue is related to a memory leak that occurs when an unauthenticated attacker sends specific Label Distribution Protocol (LDP) packets to the devices. If the values of some parameters in the packet are abnormal, the LDP processing module fails to release the memory used to handle the packet, resulting in a memory leak.

Recommendations For versions V100R003C00 through V100R006C00, consider restricting access to the LDP processing module to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the handling of abnormal LDP packets may also help mitigate the issue.