fkie_cve-2024-7095
Vulnerability from fkie_nvd
Published
2025-01-10 21:15
Modified
2025-01-14 15:15
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.
References
psirt@arista.comhttps://www.arista.com/en/support/advisories-notices/security-advisory/20650-security-advisory-0107
Impacted products
Vendor Product Version


To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "On affected platforms running Arista EOS with SNMP configured, if \u201csnmp-server transmit max-size\u201d is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well."
    },
    {
      "lang": "es",
      "value": "En las plataformas afectadas que ejecutan Arista EOS con SNMP configurado, si se configura \u201csnmp-server transmit max-size\u201d, en algunas circunstancias, un paquete especialmente manipulado puede provocar que el proceso snmpd pierda memoria. Esto puede provocar la finalizaci\u00f3n del proceso snmpd (lo que hace que las solicitudes SNMP se agoten hasta que se reinicie snmpd) y la presi\u00f3n de memoria para otros procesos en el conmutador. El aumento de la presi\u00f3n de memoria tambi\u00e9n puede provocar que otros procesos adem\u00e1s de snmpd corran el riesgo de una finalizaci\u00f3n inesperada."
    }
  ],
  "id": "CVE-2024-7095",
  "lastModified": "2025-01-14T15:15:27.263",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "psirt@arista.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-01-10T21:15:13.570",
  "references": [
    {
      "source": "psirt@arista.com",
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/20650-security-advisory-0107"
    }
  ],
  "sourceIdentifier": "psirt@arista.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-401"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.