CVE-2015-0681

The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, 12.4(25e)JAO5m, 12.4(23)JY, 15.0(2)ED1, 15.0(2)EY3, 15.1(3)SVF4a, and 15.2(2)JB1 and IOS XE 2.5.x, 2.6.x, 3.1.xS, 3.2.xS, 3.3.xS, 3.4.xS, and 3.5.xS before 3.6.0S; 3.1.xSG, 3.2.xSG, and 3.3.xSG before 3.4.0SG; 3.2.xSE before 3.3.0SE; 3.2.xXO before 3.3.0XO; 3.2.xSQ; 3.3.xSQ; and 3.4.xSQ allows remote attackers to cause a denial of service (device hang or reload) via multiple requests that trigger improper memory management, aka Bug ID CSCts66733.

Affected Software

Name	Vendor	Start Version	End Version
Ios	Cisco	12.2(33)xn1 (including)	12.2(33)xn1 (including)
Ios	Cisco	12.2(44)sq1 (including)	12.2(44)sq1 (including)
Ios	Cisco	12.4(23)jy (including)	12.4(23)jy (including)
Ios	Cisco	12.4(25e)jam1 (including)	12.4(25e)jam1 (including)
Ios	Cisco	12.4(25e)jao5m (including)	12.4(25e)jao5m (including)
Ios	Cisco	15.0(2)ed1 (including)	15.0(2)ed1 (including)
Ios	Cisco	15.0(2)ey3 (including)	15.0(2)ey3 (including)
Ios	Cisco	15.1(3)svf4a (including)	15.1(3)svf4a (including)
Ios	Cisco	15.2(2)jb1 (including)	15.2(2)jb1 (including)
Ios_xe	Cisco	2.5.0 (including)	2.5.0 (including)
Ios_xe	Cisco	2.5.1 (including)	2.5.1 (including)
Ios_xe	Cisco	2.5.2 (including)	2.5.2 (including)
Ios_xe	Cisco	2.6.0 (including)	2.6.0 (including)
Ios_xe	Cisco	2.6.1 (including)	2.6.1 (including)
Ios_xe	Cisco	2.6.2 (including)	2.6.2 (including)
Ios_xe	Cisco	3.1s.0 (including)	3.1s.0 (including)
Ios_xe	Cisco	3.1s.1 (including)	3.1s.1 (including)
Ios_xe	Cisco	3.1s.2 (including)	3.1s.2 (including)
Ios_xe	Cisco	3.1s.3 (including)	3.1s.3 (including)
Ios_xe	Cisco	3.1s.4 (including)	3.1s.4 (including)
Ios_xe	Cisco	3.1s.5 (including)	3.1s.5 (including)
Ios_xe	Cisco	3.1s.6 (including)	3.1s.6 (including)
Ios_xe	Cisco	3.1sg.0 (including)	3.1sg.0 (including)
Ios_xe	Cisco	3.1sg.1 (including)	3.1sg.1 (including)
Ios_xe	Cisco	3.2s.0 (including)	3.2s.0 (including)
Ios_xe	Cisco	3.2s.1 (including)	3.2s.1 (including)
Ios_xe	Cisco	3.2s.2 (including)	3.2s.2 (including)
Ios_xe	Cisco	3.2s.3 (including)	3.2s.3 (including)
Ios_xe	Cisco	3.2se.0 (including)	3.2se.0 (including)
Ios_xe	Cisco	3.2se.1 (including)	3.2se.1 (including)
Ios_xe	Cisco	3.2se.2 (including)	3.2se.2 (including)
Ios_xe	Cisco	3.2se.3 (including)	3.2se.3 (including)
Ios_xe	Cisco	3.2sg.0 (including)	3.2sg.0 (including)
Ios_xe	Cisco	3.2sg.1 (including)	3.2sg.1 (including)
Ios_xe	Cisco	3.2sg.2 (including)	3.2sg.2 (including)
Ios_xe	Cisco	3.2sg.3 (including)	3.2sg.3 (including)
Ios_xe	Cisco	3.2sg.4 (including)	3.2sg.4 (including)
Ios_xe	Cisco	3.2sg.5 (including)	3.2sg.5 (including)
Ios_xe	Cisco	3.2sg.6 (including)	3.2sg.6 (including)
Ios_xe	Cisco	3.2sg.7 (including)	3.2sg.7 (including)
Ios_xe	Cisco	3.2sg.8 (including)	3.2sg.8 (including)
Ios_xe	Cisco	3.2sg.9 (including)	3.2sg.9 (including)
Ios_xe	Cisco	3.2xo.0 (including)	3.2xo.0 (including)
Ios_xe	Cisco	3.2xo.1 (including)	3.2xo.1 (including)
Ios_xe	Cisco	3.3sg.0 (including)	3.3sg.0 (including)
Ios_xe	Cisco	3.3sg.1 (including)	3.3sg.1 (including)
Ios_xe	Cisco	3.3sg.2 (including)	3.3sg.2 (including)
Ios_xe	Cisco	3.3sq.0 (including)	3.3sq.0 (including)
Ios_xe	Cisco	3.3sq.1 (including)	3.3sq.1 (including)
Ios_xe	Cisco	3.4s.0 (including)	3.4s.0 (including)
Ios_xe	Cisco	3.4s.1 (including)	3.4s.1 (including)
Ios_xe	Cisco	3.4s.2 (including)	3.4s.2 (including)
Ios_xe	Cisco	3.4s.3 (including)	3.4s.3 (including)
Ios_xe	Cisco	3.4s.4 (including)	3.4s.4 (including)
Ios_xe	Cisco	3.4s.5 (including)	3.4s.5 (including)
Ios_xe	Cisco	3.4s.6 (including)	3.4s.6 (including)
Ios_xe	Cisco	3.4sq.0 (including)	3.4sq.0 (including)
Ios_xe	Cisco	3.4sq.1 (including)	3.4sq.1 (including)
Ios_xe	Cisco	3.5s.0 (including)	3.5s.0 (including)
Ios_xe	Cisco	3.5s.1 (including)	3.5s.1 (including)
Ios_xe	Cisco	3.5s.2 (including)	3.5s.2 (including)
Ios_xe	Cisco	3.5s_base (including)	3.5s_base (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-0681
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References