CVE-2019-14810

Name of the Vulnerable Software and Affected Versions EOS versions 4.22.1F and earlier releases EOS versions 4.21.0F through 4.21.2.3F EOS versions 4.21.3F through 4.21.7.1M EOS versions 4.20.14M and earlier releases EOS versions 4.19.12M and earlier releases

Description A vulnerability has been found in the implementation of the Label Distribution Protocol (LDP) protocol in EOS. Under race conditions, the LDP agent can establish an LDP session with a malicious peer, potentially allowing the possibility of a Denial of Service (DoS) attack on route updates and in turn potentially leading to an Out of Memory (OOM) condition that is disruptive to traffic forwarding. There is no evidence of this vulnerability being exploited as of the date of this update.

Recommendations For EOS versions 4.22.1F and earlier releases, update to a version later than 4.22.1F. For EOS versions 4.21.0F through 4.21.2.3F, update to a version later than 4.21.2.3F. For EOS versions 4.21.3F through 4.21.7.1M, update to a version later than 4.21.7.1M. For EOS versions 4.20.14M and earlier releases, update to a version later than 4.20.14M. For EOS versions 4.19.12M and earlier releases, update to a version later than 4.19.12M.