Home

CVE-2017-17141

Description

Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R007C20; V200R008C00; V200R009C00;S1700 V200R006C10; V200R009C00;S2700 V100R006C03; V200R003C00; V200R005C00; V200R006C00; V200R006C10; V200R007C00; V200R007C00B050; V200R007C00SPC009T; V200R007C00SPC019T; V200R008C00; V200R009C00;S3700 V100R006C03;S5700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R003C02; V200R005C00; V200R005C01; V200R005C02; V200R005C03; V200R006C00; V200R007C00; V200R008C00; V200R009C00;S6700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R005C01; V200R005C02; V200R008C00; V200R009C00;S7700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R006C01; V200R007C00; V200R007C01; V200R008C00; V200R008C06; V200R009C00;S9700 V200R001C00; V200R001C01; V200R002C00; V200R003C00; V200R005C00; V200R006C00; V200R007C00; V200R007C01; V200R008C00; V200R009C00 have a memory leak vulnerability. In some specific conditions, if attackers send specific malformed MPLS Service PING messages to the affected products, products do not release the memory when handling the packets. So successful exploit will result in memory leak of the affected products.

Risk Information

Base Score
3.7
MODERATE
Vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score
Exploitation Probability
0.176

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2016-8773 ,CVE-2017-15327 ,CVE-2017-17141 ,CVE-2017-17300 are affected in s12700_firmware v200r009c00NCM
Multiple Vulnerabilities affected in s12700_firmware v200r008c00NCM
Vulnerabilities CVE-2016-8773 ,CVE-2017-15327 ,CVE-2017-17141 ,CVE-2019-19397 are affected in s12700_firmware v200r007c01NCM
Multiple Vulnerabilities affected in s12700_firmware v200r007c00NCM
Vulnerabilities CVE-2016-8786 ,CVE-2017-15327 ,CVE-2017-17141 ,CVE-2019-5285 are affected in s12700_firmware v200r006c00NCM
Multiple Vulnerabilities affected in s12700_firmware v200r005c00NCM
Vulnerabilities CVE-2017-15327 ,CVE-2017-17141 ,CVE-2019-19397 are affected in s12700_firmware v200r007c20NCM
Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2017-17141)NCM

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234