CNVD-2017-38221

Vulnerability from cnvd - Published: 2017-12-27
VLAI Severity ?
Title
华为多款产品内存泄露漏洞
Description
Huawei CloudEngine 12800等都是中国华为(Huawei)公司的CloudEngine系列交换机产品。 多款Huawei产品中存在内存泄露漏洞,该漏洞源于程序未对申请处理报文的内存进行释放。攻击者可通过向受影响设备发送特殊的RSVP(资源预留协议)报文造成拒绝服务。
Severity
Patch Name
华为多款产品内存泄露漏洞的补丁
Patch Description
Huawei CloudEngine 12800等都是中国华为(Huawei)公司的CloudEngine系列交换机产品。 多款Huawei产品中存在内存泄露漏洞,该漏洞源于程序未对申请处理报文的内存进行释放。攻击者可通过向受影响设备发送特殊的RSVP(资源预留协议)报文造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

厂商已发布了漏洞修复程序,请及时关注更新: http://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171201-01-router-cn

Reference
http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171201-01-router-cn
Impacted products
Name
['Huawei CloudEngine 12800 V100R003C00', 'Huawei CloudEngine 12800 V100R005C00', 'Huawei CloudEngine 12800 V100R005C10', 'Huawei CloudEngine 12800 V100R006C00', 'Huawei CloudEngine 5800 V100R005C00', 'Huawei CloudEngine 5800 V100R005C10', 'Huawei CloudEngine 5800 V100R006C00', 'Huawei CloudEngine 6800 V100R005C00', 'Huawei CloudEngine 6800 V100R005C10', 'Huawei CloudEngine 6800 V100R006C00', 'Huawei CloudEngine 7800 V100R005C00', 'Huawei CloudEngine 7800 V100R005C10', 'Huawei CloudEngine 7800 V100R006C00', 'Huawei CloudEngine 5800 V100R003C00', 'Huawei CloudEngine 6800 V100R003C00', 'Huawei CloudEngine 7800 V100R003C00']
Show details on source website
To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-15349"
    }
  },
  "description": "Huawei CloudEngine 12800\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684CloudEngine\u7cfb\u5217\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u4e2d\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5bf9\u7533\u8bf7\u5904\u7406\u62a5\u6587\u7684\u5185\u5b58\u8fdb\u884c\u91ca\u653e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u7279\u6b8a\u7684RSVP\uff08\u8d44\u6e90\u9884\u7559\u534f\u8bae\uff09\u62a5\u6587\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Huawei",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttp://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20171201-01-router-cn",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-38221",
  "openTime": "2017-12-27",
  "patchDescription": "Huawei CloudEngine 12800\u7b49\u90fd\u662f\u4e2d\u56fd\u534e\u4e3a\uff08Huawei\uff09\u516c\u53f8\u7684CloudEngine\u7cfb\u5217\u4ea4\u6362\u673a\u4ea7\u54c1\u3002\r\n\r\n\u591a\u6b3eHuawei\u4ea7\u54c1\u4e2d\u5b58\u5728\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u5bf9\u7533\u8bf7\u5904\u7406\u62a5\u6587\u7684\u5185\u5b58\u8fdb\u884c\u91ca\u653e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u53d7\u5f71\u54cd\u8bbe\u5907\u53d1\u9001\u7279\u6b8a\u7684RSVP\uff08\u8d44\u6e90\u9884\u7559\u534f\u8bae\uff09\u62a5\u6587\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "\u534e\u4e3a\u591a\u6b3e\u4ea7\u54c1\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Huawei CloudEngine 12800 V100R003C00",
      "Huawei CloudEngine 12800 V100R005C00",
      "Huawei CloudEngine 12800 V100R005C10",
      "Huawei CloudEngine 12800 V100R006C00",
      "Huawei CloudEngine 5800 V100R005C00",
      "Huawei CloudEngine 5800 V100R005C10",
      "Huawei CloudEngine 5800 V100R006C00",
      "Huawei CloudEngine 6800 V100R005C00",
      "Huawei CloudEngine 6800 V100R005C10",
      "Huawei CloudEngine 6800 V100R006C00",
      "Huawei CloudEngine 7800 V100R005C00",
      "Huawei CloudEngine 7800 V100R005C10",
      "Huawei CloudEngine 7800 V100R006C00",
      "Huawei CloudEngine 5800 V100R003C00",
      "Huawei CloudEngine 6800 V100R003C00",
      "Huawei CloudEngine 7800 V100R003C00"
    ]
  },
  "referenceLink": "http://www.huawei.com/cn/psirt/security-advisories/2017/huawei-sa-20171201-01-router-cn",
  "serverity": "\u9ad8",
  "submitTime": "2017-12-04",
  "title": "\u534e\u4e3a\u591a\u6b3e\u4ea7\u54c1\u5185\u5b58\u6cc4\u9732\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.