PT-2021-22788 · Huawei · Cloudengine 7800+4
Published
2021-12-08
·
Updated
2021-12-15
·
CVE-2021-40008
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
CloudEngine 12800 version V200R019C00SPC800
CloudEngine 5800 version V200R019C00SPC800
CloudEngine 6800 version V200R019C00SPC800
CloudEngine 7800 version V200R019C00SPC800
Description
The software does not sufficiently track and release allocated memory while parsing a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust.
Recommendations
For CloudEngine 12800 version V200R019C00SPC800, update to a version that includes the fix for the memory leak issue.
For CloudEngine 5800 version V200R019C00SPC800, update to a version that includes the fix for the memory leak issue.
For CloudEngine 6800 version V200R019C00SPC800, update to a version that includes the fix for the memory leak issue.
For CloudEngine 7800 version V200R019C00SPC800, update to a version that includes the fix for the memory leak issue.
As a temporary workaround, consider restricting the parsing of crafted binary messages to minimize the risk of exploitation.
Fix
Missing Release of Resource after Effective Lifetime
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloudengine 12800
Cloudengine 5800
Cloudengine 6800
Cloudengine 7800
Huawei Vrp