CVE-2021-40008

Published: Dec 13, 2021Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust.

Affected (4)

Products: Huawei: Cloudengine 7800 Firmware, Cloudengine 6800 Firmware, Cloudengine 5800 Firmware, Cloudengine 12800 Firmware

Huawei

4 products

Cloudengine 7800 Firmware

Cloudengine 6800 Firmware

Cloudengine 5800 Firmware

Cloudengine 12800 Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Cloudengine 7800 Firmware	Version v200r019c00spc800

Running on/with	Platform Versions
Huawei Cloudengine 7800	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Cloudengine 6800 Firmware	Version v200r019c00spc800

Running on/with	Platform Versions
Huawei Cloudengine 6800	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Cloudengine 5800 Firmware	Version v200r019c00spc800

Running on/with	Platform Versions
Huawei Cloudengine 5800	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Huawei Cloudengine 12800 Firmware	Version v200r019c00spc800

Running on/with	Platform Versions
Huawei Cloudengine 12800	All versions

Related CWEs

CWE-772

Missing Release of Resource after Effective Lifetime

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

References (2)

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en

Source: psirt@huawei.com

Vendor Advisory

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.