PT-2016-7564 · Huawei · Huawei Cloudengine 12800+1

Published

2016-12-14

Updated

2018-03-26

CVE-2016-8782

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Huawei CloudEngine 12800 versions V100R003C00 through V100R006C00

Description The issue is related to a memory leak. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices repeatedly. Due to improper validation of some specific fields of the packet, the LDP processing module does not release the memory, resulting in memory leak.

Recommendations For Huawei CloudEngine 12800 versions V100R003C00 through V100R006C00, as a temporary workaround, consider restricting access to the LDP processing module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

CVE-2016-8782

Affected Products

Huawei Cloudengine 12800

Huawei Vrp

PT-2016-7564 · Huawei · Huawei Cloudengine 12800+1

CVE-2016-8782

Weakness Enumeration

Related Identifiers

Affected Products

References · 4