A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory “belongs” to the code that operates on the new pointer.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ios_xe | Cisco | 3.9.0as (including) | 3.9.0as (including) |
| Ios_xe | Cisco | 3.9.1s (including) | 3.9.1s (including) |
| Ios_xe | Cisco | 3.9.2s (including) | 3.9.2s (including) |
| Ios_xe | Cisco | 3.10.0s (including) | 3.10.0s (including) |
| Ios_xe | Cisco | 3.10.1s (including) | 3.10.1s (including) |
| Ios_xe | Cisco | 3.10.2as (including) | 3.10.2as (including) |
| Ios_xe | Cisco | 3.10.2s (including) | 3.10.2s (including) |
| Ios_xe | Cisco | 3.10.2ts (including) | 3.10.2ts (including) |
| Ios_xe | Cisco | 3.10.3s (including) | 3.10.3s (including) |
| Ios_xe | Cisco | 3.10.4s (including) | 3.10.4s (including) |
| Ios_xe | Cisco | 3.10.5s (including) | 3.10.5s (including) |
| Ios_xe | Cisco | 3.10.6s (including) | 3.10.6s (including) |
| Ios_xe | Cisco | 3.10.7s (including) | 3.10.7s (including) |
| Ios_xe | Cisco | 3.10.8as (including) | 3.10.8as (including) |
| Ios_xe | Cisco | 3.10.8s (including) | 3.10.8s (including) |
| Ios_xe | Cisco | 3.10.9s (including) | 3.10.9s (including) |
| Ios_xe | Cisco | 3.10.10s (including) | 3.10.10s (including) |
| Ios_xe | Cisco | 3.11.0s (including) | 3.11.0s (including) |
| Ios_xe | Cisco | 3.11.1s (including) | 3.11.1s (including) |
| Ios_xe | Cisco | 3.11.2s (including) | 3.11.2s (including) |
| Ios_xe | Cisco | 3.11.3s (including) | 3.11.3s (including) |
| Ios_xe | Cisco | 3.11.4s (including) | 3.11.4s (including) |
| Ios_xe | Cisco | 3.12.0s (including) | 3.12.0s (including) |
| Ios_xe | Cisco | 3.12.1s (including) | 3.12.1s (including) |
| Ios_xe | Cisco | 3.12.2s (including) | 3.12.2s (including) |
| Ios_xe | Cisco | 3.12.3s (including) | 3.12.3s (including) |
| Ios_xe | Cisco | 3.12.4s (including) | 3.12.4s (including) |
| Ios_xe | Cisco | 3.13.0s (including) | 3.13.0s (including) |
| Ios_xe | Cisco | 3.13.1s (including) | 3.13.1s (including) |
| Ios_xe | Cisco | 3.13.2s (including) | 3.13.2s (including) |
| Ios_xe | Cisco | 3.13.3s (including) | 3.13.3s (including) |
| Ios_xe | Cisco | 3.13.4s (including) | 3.13.4s (including) |
| Ios_xe | Cisco | 3.13.5s (including) | 3.13.5s (including) |
| Ios_xe | Cisco | 3.13.6as (including) | 3.13.6as (including) |
| Ios_xe | Cisco | 3.13.6s (including) | 3.13.6s (including) |
| Ios_xe | Cisco | 3.13.7s (including) | 3.13.7s (including) |
| Ios_xe | Cisco | 3.13.8s (including) | 3.13.8s (including) |
| Ios_xe | Cisco | 3.13.9s (including) | 3.13.9s (including) |
| Ios_xe | Cisco | 3.13.10s (including) | 3.13.10s (including) |
| Ios_xe | Cisco | 3.14.0s (including) | 3.14.0s (including) |
| Ios_xe | Cisco | 3.14.1s (including) | 3.14.1s (including) |
| Ios_xe | Cisco | 3.14.2s (including) | 3.14.2s (including) |
| Ios_xe | Cisco | 3.14.3s (including) | 3.14.3s (including) |
| Ios_xe | Cisco | 3.14.4s (including) | 3.14.4s (including) |
| Ios_xe | Cisco | 3.15.0s (including) | 3.15.0s (including) |
| Ios_xe | Cisco | 3.15.1cs (including) | 3.15.1cs (including) |
| Ios_xe | Cisco | 3.15.1s (including) | 3.15.1s (including) |
| Ios_xe | Cisco | 3.15.2s (including) | 3.15.2s (including) |
| Ios_xe | Cisco | 3.15.3s (including) | 3.15.3s (including) |
| Ios_xe | Cisco | 3.15.4s (including) | 3.15.4s (including) |
| Ios_xe | Cisco | 3.16.0cs (including) | 3.16.0cs (including) |
| Ios_xe | Cisco | 3.16.0s (including) | 3.16.0s (including) |
| Ios_xe | Cisco | 3.16.1as (including) | 3.16.1as (including) |
| Ios_xe | Cisco | 3.16.2s (including) | 3.16.2s (including) |
| Ios_xe | Cisco | 3.16.3s (including) | 3.16.3s (including) |
| Ios_xe | Cisco | 3.16.4as (including) | 3.16.4as (including) |
| Ios_xe | Cisco | 3.16.4bs (including) | 3.16.4bs (including) |
| Ios_xe | Cisco | 3.16.4cs (including) | 3.16.4cs (including) |
| Ios_xe | Cisco | 3.16.4ds (including) | 3.16.4ds (including) |
| Ios_xe | Cisco | 3.16.4es (including) | 3.16.4es (including) |
| Ios_xe | Cisco | 3.16.4gs (including) | 3.16.4gs (including) |
| Ios_xe | Cisco | 3.16.5as (including) | 3.16.5as (including) |
| Ios_xe | Cisco | 3.16.5bs (including) | 3.16.5bs (including) |
| Ios_xe | Cisco | 3.16.5s (including) | 3.16.5s (including) |
| Ios_xe | Cisco | 3.16.6bs (including) | 3.16.6bs (including) |
| Ios_xe | Cisco | 3.16.6s (including) | 3.16.6s (including) |
| Ios_xe | Cisco | 3.16.7as (including) | 3.16.7as (including) |
| Ios_xe | Cisco | 3.16.7bs (including) | 3.16.7bs (including) |
| Ios_xe | Cisco | 3.16.7s (including) | 3.16.7s (including) |
| Ios_xe | Cisco | 3.16.8s (including) | 3.16.8s (including) |
| Ios_xe | Cisco | 3.16.9s (including) | 3.16.9s (including) |
| Ios_xe | Cisco | 3.16.10s (including) | 3.16.10s (including) |
| Ios_xe | Cisco | 3.17.0s (including) | 3.17.0s (including) |
| Ios_xe | Cisco | 3.17.1s (including) | 3.17.1s (including) |
| Ios_xe | Cisco | 3.17.2s (including) | 3.17.2s (including) |
| Ios_xe | Cisco | 3.17.3s (including) | 3.17.3s (including) |
| Ios_xe | Cisco | 3.17.4s (including) | 3.17.4s (including) |
| Ios_xe | Cisco | 3.18.0as (including) | 3.18.0as (including) |
| Ios_xe | Cisco | 3.18.2asp (including) | 3.18.2asp (including) |
| Ios_xe | Cisco | 16.2.1 (including) | 16.2.1 (including) |
| Ios_xe | Cisco | 16.2.2 (including) | 16.2.2 (including) |
| Ios_xe | Cisco | 16.3.1 (including) | 16.3.1 (including) |
| Ios_xe | Cisco | 16.3.1a (including) | 16.3.1a (including) |
| Ios_xe | Cisco | 16.3.2 (including) | 16.3.2 (including) |
| Ios_xe | Cisco | 16.3.3 (including) | 16.3.3 (including) |
| Ios_xe | Cisco | 16.3.4 (including) | 16.3.4 (including) |
| Ios_xe | Cisco | 16.3.5 (including) | 16.3.5 (including) |
| Ios_xe | Cisco | 16.3.6 (including) | 16.3.6 (including) |
| Ios_xe | Cisco | 16.3.7 (including) | 16.3.7 (including) |
| Ios_xe | Cisco | 16.3.8 (including) | 16.3.8 (including) |
| Ios_xe | Cisco | 16.3.9 (including) | 16.3.9 (including) |
| Ios_xe | Cisco | 16.3.10 (including) | 16.3.10 (including) |
| Ios_xe | Cisco | 16.3.11 (including) | 16.3.11 (including) |
| Ios_xe | Cisco | 16.4.1 (including) | 16.4.1 (including) |
| Ios_xe | Cisco | 16.4.2 (including) | 16.4.2 (including) |
| Ios_xe | Cisco | 16.4.3 (including) | 16.4.3 (including) |
| Ios_xe | Cisco | 16.5.1 (including) | 16.5.1 (including) |
| Ios_xe | Cisco | 16.5.1b (including) | 16.5.1b (including) |
| Ios_xe | Cisco | 16.5.2 (including) | 16.5.2 (including) |
| Ios_xe | Cisco | 16.5.3 (including) | 16.5.3 (including) |
| Ios_xe | Cisco | 16.6.1 (including) | 16.6.1 (including) |
| Ios_xe | Cisco | 16.6.2 (including) | 16.6.2 (including) |
| Ios_xe | Cisco | 16.6.3 (including) | 16.6.3 (including) |
| Ios_xe | Cisco | 16.6.4 (including) | 16.6.4 (including) |
| Ios_xe | Cisco | 16.6.4s (including) | 16.6.4s (including) |
| Ios_xe | Cisco | 16.6.5 (including) | 16.6.5 (including) |
| Ios_xe | Cisco | 16.6.6 (including) | 16.6.6 (including) |
| Ios_xe | Cisco | 16.6.7 (including) | 16.6.7 (including) |
| Ios_xe | Cisco | 16.6.8 (including) | 16.6.8 (including) |
| Ios_xe | Cisco | 16.6.9 (including) | 16.6.9 (including) |
| Ios_xe | Cisco | 16.6.10 (including) | 16.6.10 (including) |
| Ios_xe | Cisco | 16.7.1 (including) | 16.7.1 (including) |
| Ios_xe | Cisco | 16.7.2 (including) | 16.7.2 (including) |
| Ios_xe | Cisco | 16.7.3 (including) | 16.7.3 (including) |
| Ios_xe | Cisco | 16.8.1 (including) | 16.8.1 (including) |
| Ios_xe | Cisco | 16.8.1s (including) | 16.8.1s (including) |
| Ios_xe | Cisco | 16.8.2 (including) | 16.8.2 (including) |
| Ios_xe | Cisco | 16.8.3 (including) | 16.8.3 (including) |
| Ios_xe | Cisco | 16.9.1 (including) | 16.9.1 (including) |
| Ios_xe | Cisco | 16.9.1s (including) | 16.9.1s (including) |
| Ios_xe | Cisco | 16.9.2 (including) | 16.9.2 (including) |
| Ios_xe | Cisco | 16.9.2s (including) | 16.9.2s (including) |
| Ios_xe | Cisco | 16.9.3 (including) | 16.9.3 (including) |
| Ios_xe | Cisco | 16.9.3s (including) | 16.9.3s (including) |
| Ios_xe | Cisco | 16.9.4 (including) | 16.9.4 (including) |
| Ios_xe | Cisco | 16.9.5 (including) | 16.9.5 (including) |
| Ios_xe | Cisco | 16.9.6 (including) | 16.9.6 (including) |
| Ios_xe | Cisco | 16.9.7 (including) | 16.9.7 (including) |
| Ios_xe | Cisco | 16.9.8 (including) | 16.9.8 (including) |
| Ios_xe | Cisco | 16.9.8a (including) | 16.9.8a (including) |
| Ios_xe | Cisco | 16.9.8c (including) | 16.9.8c (including) |
| Ios_xe | Cisco | 16.10.1 (including) | 16.10.1 (including) |
| Ios_xe | Cisco | 16.10.1a (including) | 16.10.1a (including) |
| Ios_xe | Cisco | 16.10.1b (including) | 16.10.1b (including) |
| Ios_xe | Cisco | 16.10.1e (including) | 16.10.1e (including) |
| Ios_xe | Cisco | 16.10.1s (including) | 16.10.1s (including) |
| Ios_xe | Cisco | 16.10.2 (including) | 16.10.2 (including) |
| Ios_xe | Cisco | 16.10.3 (including) | 16.10.3 (including) |
| Ios_xe | Cisco | 16.11.1 (including) | 16.11.1 (including) |
| Ios_xe | Cisco | 16.11.1a (including) | 16.11.1a (including) |
| Ios_xe | Cisco | 16.11.1c (including) | 16.11.1c (including) |
| Ios_xe | Cisco | 16.11.1s (including) | 16.11.1s (including) |
| Ios_xe | Cisco | 16.11.2 (including) | 16.11.2 (including) |
| Ios_xe | Cisco | 16.12.1 (including) | 16.12.1 (including) |
| Ios_xe | Cisco | 16.12.1a (including) | 16.12.1a (including) |
| Ios_xe | Cisco | 16.12.1c (including) | 16.12.1c (including) |
| Ios_xe | Cisco | 16.12.1s (including) | 16.12.1s (including) |
| Ios_xe | Cisco | 16.12.2 (including) | 16.12.2 (including) |
| Ios_xe | Cisco | 16.12.2s (including) | 16.12.2s (including) |
| Ios_xe | Cisco | 16.12.2t (including) | 16.12.2t (including) |
| Ios_xe | Cisco | 16.12.3 (including) | 16.12.3 (including) |
| Ios_xe | Cisco | 16.12.3s (including) | 16.12.3s (including) |
| Ios_xe | Cisco | 16.12.4 (including) | 16.12.4 (including) |
| Ios_xe | Cisco | 16.12.5 (including) | 16.12.5 (including) |
| Ios_xe | Cisco | 16.12.6 (including) | 16.12.6 (including) |
| Ios_xe | Cisco | 16.12.7 (including) | 16.12.7 (including) |
| Ios_xe | Cisco | 16.12.8 (including) | 16.12.8 (including) |
| Ios_xe | Cisco | 17.1.1 (including) | 17.1.1 (including) |
| Ios_xe | Cisco | 17.1.1s (including) | 17.1.1s (including) |
| Ios_xe | Cisco | 17.1.1t (including) | 17.1.1t (including) |
| Ios_xe | Cisco | 17.1.2 (including) | 17.1.2 (including) |
| Ios_xe | Cisco | 17.1.3 (including) | 17.1.3 (including) |
| Ios_xe | Cisco | 17.2.1 (including) | 17.2.1 (including) |
| Ios_xe | Cisco | 17.2.1r (including) | 17.2.1r (including) |
| Ios_xe | Cisco | 17.2.1v (including) | 17.2.1v (including) |
| Ios_xe | Cisco | 17.2.2 (including) | 17.2.2 (including) |
| Ios_xe | Cisco | 17.2.3 (including) | 17.2.3 (including) |
| Ios_xe | Cisco | 17.3.1 (including) | 17.3.1 (including) |
| Ios_xe | Cisco | 17.3.1a (including) | 17.3.1a (including) |
| Ios_xe | Cisco | 17.3.2 (including) | 17.3.2 (including) |
| Ios_xe | Cisco | 17.3.3 (including) | 17.3.3 (including) |
| Ios_xe | Cisco | 17.3.4 (including) | 17.3.4 (including) |
| Ios_xe | Cisco | 17.3.4a (including) | 17.3.4a (including) |
| Ios_xe | Cisco | 17.3.5 (including) | 17.3.5 (including) |
| Ios_xe | Cisco | 17.4.1 (including) | 17.4.1 (including) |
| Ios_xe | Cisco | 17.4.1a (including) | 17.4.1a (including) |
| Ios_xe | Cisco | 17.4.1b (including) | 17.4.1b (including) |
| Ios_xe | Cisco | 17.4.2 (including) | 17.4.2 (including) |
| Ios_xe | Cisco | 17.5.1 (including) | 17.5.1 (including) |
| Ios_xe | Cisco | 17.5.1a (including) | 17.5.1a (including) |
| Ios_xe | Cisco | 17.6.1 (including) | 17.6.1 (including) |
| Ios_xe | Cisco | 17.6.1a (including) | 17.6.1a (including) |
| Ios_xe | Cisco | 17.6.2 (including) | 17.6.2 (including) |
| Ios_xe | Cisco | 17.6.3 (including) | 17.6.3 (including) |
| Ios_xe | Cisco | 17.6.3a (including) | 17.6.3a (including) |
| Ios_xe | Cisco | 17.7.1 (including) | 17.7.1 (including) |
| Ios_xe | Cisco | 17.7.1a (including) | 17.7.1a (including) |
| Ios_xe | Cisco | 17.7.2 (including) | 17.7.2 (including) |
| Ios_xe | Cisco | 17.8.1 (including) | 17.8.1 (including) |
| Ios_xe | Cisco | 17.8.1a (including) | 17.8.1a (including) |