A vulnerability in the Cisco Express Forwarding functionality of Cisco IOS XE Software for Cisco ASR 903 Aggregation Services Routers with Route Switch Processor 3 (RSP3C) could allow an unauthenticated, adjacent attacker to trigger a denial of service (DoS) condition. This vulnerability is due to improper memory management when Cisco IOS XE Software is processing Address Resolution Protocol (ARP) messages. An attacker could exploit this vulnerability by sending crafted ARP messages at a high rate over a period of time to an affected device. A successful exploit could allow the attacker to exhaust system resources, which eventually triggers a reload of the active route switch processor (RSP). If a redundant RSP is not present, the router reloads.
The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ios_xe | Cisco | 3.16.0cs (including) | 3.16.0cs (including) |
Ios_xe | Cisco | 3.16.0s (including) | 3.16.0s (including) |
Ios_xe | Cisco | 3.16.1as (including) | 3.16.1as (including) |
Ios_xe | Cisco | 3.16.1s (including) | 3.16.1s (including) |
Ios_xe | Cisco | 3.16.2as (including) | 3.16.2as (including) |
Ios_xe | Cisco | 3.16.2bs (including) | 3.16.2bs (including) |
Ios_xe | Cisco | 3.16.2s (including) | 3.16.2s (including) |
Ios_xe | Cisco | 3.16.3as (including) | 3.16.3as (including) |
Ios_xe | Cisco | 3.16.3s (including) | 3.16.3s (including) |
Ios_xe | Cisco | 3.16.4as (including) | 3.16.4as (including) |
Ios_xe | Cisco | 3.16.4bs (including) | 3.16.4bs (including) |
Ios_xe | Cisco | 3.16.4ds (including) | 3.16.4ds (including) |
Ios_xe | Cisco | 3.16.4s (including) | 3.16.4s (including) |
Ios_xe | Cisco | 3.16.5s (including) | 3.16.5s (including) |
Ios_xe | Cisco | 3.16.6bs (including) | 3.16.6bs (including) |
Ios_xe | Cisco | 3.16.6s (including) | 3.16.6s (including) |
Ios_xe | Cisco | 3.16.7as (including) | 3.16.7as (including) |
Ios_xe | Cisco | 3.16.7bs (including) | 3.16.7bs (including) |
Ios_xe | Cisco | 3.16.7s (including) | 3.16.7s (including) |
Ios_xe | Cisco | 3.16.8s (including) | 3.16.8s (including) |
Ios_xe | Cisco | 3.16.9s (including) | 3.16.9s (including) |
Ios_xe | Cisco | 3.16.10s (including) | 3.16.10s (including) |
Ios_xe | Cisco | 3.17.0s (including) | 3.17.0s (including) |
Ios_xe | Cisco | 3.17.1as (including) | 3.17.1as (including) |
Ios_xe | Cisco | 3.17.1s (including) | 3.17.1s (including) |
Ios_xe | Cisco | 3.17.2s (including) | 3.17.2s (including) |
Ios_xe | Cisco | 3.17.3s (including) | 3.17.3s (including) |
Ios_xe | Cisco | 3.17.4s (including) | 3.17.4s (including) |
Ios_xe | Cisco | 3.18.0as (including) | 3.18.0as (including) |
Ios_xe | Cisco | 3.18.0s (including) | 3.18.0s (including) |
Ios_xe | Cisco | 3.18.0sp (including) | 3.18.0sp (including) |
Ios_xe | Cisco | 3.18.1asp (including) | 3.18.1asp (including) |
Ios_xe | Cisco | 3.18.1bsp (including) | 3.18.1bsp (including) |
Ios_xe | Cisco | 3.18.1csp (including) | 3.18.1csp (including) |
Ios_xe | Cisco | 3.18.1s (including) | 3.18.1s (including) |
Ios_xe | Cisco | 3.18.1sp (including) | 3.18.1sp (including) |
Ios_xe | Cisco | 3.18.2asp (including) | 3.18.2asp (including) |
Ios_xe | Cisco | 3.18.2s (including) | 3.18.2s (including) |
Ios_xe | Cisco | 3.18.2sp (including) | 3.18.2sp (including) |
Ios_xe | Cisco | 3.18.3asp (including) | 3.18.3asp (including) |
Ios_xe | Cisco | 3.18.3bsp (including) | 3.18.3bsp (including) |
Ios_xe | Cisco | 3.18.3s (including) | 3.18.3s (including) |
Ios_xe | Cisco | 3.18.3sp (including) | 3.18.3sp (including) |
Ios_xe | Cisco | 3.18.4s (including) | 3.18.4s (including) |
Ios_xe | Cisco | 3.18.4sp (including) | 3.18.4sp (including) |
Ios_xe | Cisco | 3.18.5sp (including) | 3.18.5sp (including) |
Ios_xe | Cisco | 3.18.6sp (including) | 3.18.6sp (including) |
Ios_xe | Cisco | 3.18.7sp (including) | 3.18.7sp (including) |
Ios_xe | Cisco | 3.18.8asp (including) | 3.18.8asp (including) |
Ios_xe | Cisco | 3.18.9sp (including) | 3.18.9sp (including) |
Ios_xe | Cisco | 16.1.1 (including) | 16.1.1 (including) |
Ios_xe | Cisco | 16.1.2 (including) | 16.1.2 (including) |
Ios_xe | Cisco | 16.1.3 (including) | 16.1.3 (including) |
Ios_xe | Cisco | 16.2.1 (including) | 16.2.1 (including) |
Ios_xe | Cisco | 16.2.2 (including) | 16.2.2 (including) |
Ios_xe | Cisco | 16.3.1 (including) | 16.3.1 (including) |
Ios_xe | Cisco | 16.3.1a (including) | 16.3.1a (including) |
Ios_xe | Cisco | 16.3.2 (including) | 16.3.2 (including) |
Ios_xe | Cisco | 16.3.3 (including) | 16.3.3 (including) |
Ios_xe | Cisco | 16.3.4 (including) | 16.3.4 (including) |
Ios_xe | Cisco | 16.3.5 (including) | 16.3.5 (including) |
Ios_xe | Cisco | 16.3.5b (including) | 16.3.5b (including) |
Ios_xe | Cisco | 16.3.6 (including) | 16.3.6 (including) |
Ios_xe | Cisco | 16.3.7 (including) | 16.3.7 (including) |
Ios_xe | Cisco | 16.3.8 (including) | 16.3.8 (including) |
Ios_xe | Cisco | 16.3.9 (including) | 16.3.9 (including) |
Ios_xe | Cisco | 16.3.10 (including) | 16.3.10 (including) |
Ios_xe | Cisco | 16.3.11 (including) | 16.3.11 (including) |
Ios_xe | Cisco | 16.4.1 (including) | 16.4.1 (including) |
Ios_xe | Cisco | 16.4.2 (including) | 16.4.2 (including) |
Ios_xe | Cisco | 16.4.3 (including) | 16.4.3 (including) |
Ios_xe | Cisco | 16.5.1 (including) | 16.5.1 (including) |
Ios_xe | Cisco | 16.5.1a (including) | 16.5.1a (including) |
Ios_xe | Cisco | 16.5.1b (including) | 16.5.1b (including) |
Ios_xe | Cisco | 16.5.2 (including) | 16.5.2 (including) |
Ios_xe | Cisco | 16.5.3 (including) | 16.5.3 (including) |
Ios_xe | Cisco | 16.6.1 (including) | 16.6.1 (including) |
Ios_xe | Cisco | 16.6.2 (including) | 16.6.2 (including) |
Ios_xe | Cisco | 16.6.3 (including) | 16.6.3 (including) |
Ios_xe | Cisco | 16.6.4 (including) | 16.6.4 (including) |
Ios_xe | Cisco | 16.6.4a (including) | 16.6.4a (including) |
Ios_xe | Cisco | 16.6.5 (including) | 16.6.5 (including) |
Ios_xe | Cisco | 16.6.5a (including) | 16.6.5a (including) |
Ios_xe | Cisco | 16.6.6 (including) | 16.6.6 (including) |
Ios_xe | Cisco | 16.6.7 (including) | 16.6.7 (including) |
Ios_xe | Cisco | 16.6.8 (including) | 16.6.8 (including) |
Ios_xe | Cisco | 16.6.9 (including) | 16.6.9 (including) |
Ios_xe | Cisco | 16.6.10 (including) | 16.6.10 (including) |
Ios_xe | Cisco | 16.7.1 (including) | 16.7.1 (including) |
Ios_xe | Cisco | 16.7.1a (including) | 16.7.1a (including) |
Ios_xe | Cisco | 16.7.1b (including) | 16.7.1b (including) |
Ios_xe | Cisco | 16.7.2 (including) | 16.7.2 (including) |
Ios_xe | Cisco | 16.7.3 (including) | 16.7.3 (including) |
Ios_xe | Cisco | 16.7.4 (including) | 16.7.4 (including) |
Ios_xe | Cisco | 16.8.1 (including) | 16.8.1 (including) |
Ios_xe | Cisco | 16.8.1a (including) | 16.8.1a (including) |
Ios_xe | Cisco | 16.8.1b (including) | 16.8.1b (including) |
Ios_xe | Cisco | 16.8.1c (including) | 16.8.1c (including) |
Ios_xe | Cisco | 16.8.1d (including) | 16.8.1d (including) |
Ios_xe | Cisco | 16.8.1e (including) | 16.8.1e (including) |
Ios_xe | Cisco | 16.8.1s (including) | 16.8.1s (including) |
Ios_xe | Cisco | 16.8.2 (including) | 16.8.2 (including) |
Ios_xe | Cisco | 16.8.3 (including) | 16.8.3 (including) |
Ios_xe | Cisco | 16.9.1 (including) | 16.9.1 (including) |
Ios_xe | Cisco | 16.9.1a (including) | 16.9.1a (including) |
Ios_xe | Cisco | 16.9.1b (including) | 16.9.1b (including) |
Ios_xe | Cisco | 16.9.1s (including) | 16.9.1s (including) |
Ios_xe | Cisco | 16.9.2 (including) | 16.9.2 (including) |
Ios_xe | Cisco | 16.9.3 (including) | 16.9.3 (including) |
Ios_xe | Cisco | 16.9.3a (including) | 16.9.3a (including) |
Ios_xe | Cisco | 16.9.4 (including) | 16.9.4 (including) |
Ios_xe | Cisco | 16.9.5 (including) | 16.9.5 (including) |
Ios_xe | Cisco | 16.9.5f (including) | 16.9.5f (including) |
Ios_xe | Cisco | 16.9.6 (including) | 16.9.6 (including) |
Ios_xe | Cisco | 16.9.7 (including) | 16.9.7 (including) |
Ios_xe | Cisco | 16.9.8 (including) | 16.9.8 (including) |
Ios_xe | Cisco | 16.10.1 (including) | 16.10.1 (including) |
Ios_xe | Cisco | 16.10.1a (including) | 16.10.1a (including) |
Ios_xe | Cisco | 16.10.1b (including) | 16.10.1b (including) |
Ios_xe | Cisco | 16.10.1c (including) | 16.10.1c (including) |
Ios_xe | Cisco | 16.10.1d (including) | 16.10.1d (including) |
Ios_xe | Cisco | 16.10.1e (including) | 16.10.1e (including) |
Ios_xe | Cisco | 16.10.1f (including) | 16.10.1f (including) |
Ios_xe | Cisco | 16.10.1g (including) | 16.10.1g (including) |
Ios_xe | Cisco | 16.10.1s (including) | 16.10.1s (including) |
Ios_xe | Cisco | 16.10.2 (including) | 16.10.2 (including) |
Ios_xe | Cisco | 16.10.3 (including) | 16.10.3 (including) |
Ios_xe | Cisco | 16.11.1 (including) | 16.11.1 (including) |
Ios_xe | Cisco | 16.11.1a (including) | 16.11.1a (including) |
Ios_xe | Cisco | 16.11.1b (including) | 16.11.1b (including) |
Ios_xe | Cisco | 16.11.1s (including) | 16.11.1s (including) |
Ios_xe | Cisco | 16.11.2 (including) | 16.11.2 (including) |
Ios_xe | Cisco | 16.12.1 (including) | 16.12.1 (including) |
Ios_xe | Cisco | 16.12.1a (including) | 16.12.1a (including) |
Ios_xe | Cisco | 16.12.1c (including) | 16.12.1c (including) |
Ios_xe | Cisco | 16.12.1s (including) | 16.12.1s (including) |
Ios_xe | Cisco | 16.12.1t (including) | 16.12.1t (including) |
Ios_xe | Cisco | 16.12.1w (including) | 16.12.1w (including) |
Ios_xe | Cisco | 16.12.1x (including) | 16.12.1x (including) |
Ios_xe | Cisco | 16.12.1y (including) | 16.12.1y (including) |
Ios_xe | Cisco | 16.12.1z1 (including) | 16.12.1z1 (including) |
Ios_xe | Cisco | 16.12.1z2 (including) | 16.12.1z2 (including) |
Ios_xe | Cisco | 16.12.2 (including) | 16.12.2 (including) |
Ios_xe | Cisco | 16.12.2a (including) | 16.12.2a (including) |
Ios_xe | Cisco | 16.12.2s (including) | 16.12.2s (including) |
Ios_xe | Cisco | 16.12.3 (including) | 16.12.3 (including) |
Ios_xe | Cisco | 16.12.3a (including) | 16.12.3a (including) |
Ios_xe | Cisco | 16.12.3s (including) | 16.12.3s (including) |
Ios_xe | Cisco | 16.12.4 (including) | 16.12.4 (including) |
Ios_xe | Cisco | 16.12.4a (including) | 16.12.4a (including) |
Ios_xe | Cisco | 16.12.5 (including) | 16.12.5 (including) |
Ios_xe | Cisco | 16.12.5a (including) | 16.12.5a (including) |
Ios_xe | Cisco | 16.12.5b (including) | 16.12.5b (including) |
Ios_xe | Cisco | 16.12.6 (including) | 16.12.6 (including) |
Ios_xe | Cisco | 16.12.6a (including) | 16.12.6a (including) |
Ios_xe | Cisco | 16.12.7 (including) | 16.12.7 (including) |
Ios_xe | Cisco | 16.12.8 (including) | 16.12.8 (including) |
Ios_xe | Cisco | 16.12.9 (including) | 16.12.9 (including) |
Ios_xe | Cisco | 16.12.10 (including) | 16.12.10 (including) |
Ios_xe | Cisco | 16.12.10a (including) | 16.12.10a (including) |
Ios_xe | Cisco | 16.12.11 (including) | 16.12.11 (including) |
Ios_xe | Cisco | 16.12.12 (including) | 16.12.12 (including) |
Ios_xe | Cisco | 16.12.13 (including) | 16.12.13 (including) |
Ios_xe | Cisco | 17.1.1 (including) | 17.1.1 (including) |
Ios_xe | Cisco | 17.1.1a (including) | 17.1.1a (including) |
Ios_xe | Cisco | 17.1.1s (including) | 17.1.1s (including) |
Ios_xe | Cisco | 17.1.1t (including) | 17.1.1t (including) |
Ios_xe | Cisco | 17.1.3 (including) | 17.1.3 (including) |
Ios_xe | Cisco | 17.2.1 (including) | 17.2.1 (including) |
Ios_xe | Cisco | 17.2.1a (including) | 17.2.1a (including) |
Ios_xe | Cisco | 17.2.1r (including) | 17.2.1r (including) |
Ios_xe | Cisco | 17.2.1v (including) | 17.2.1v (including) |
Ios_xe | Cisco | 17.2.2 (including) | 17.2.2 (including) |
Ios_xe | Cisco | 17.2.3 (including) | 17.2.3 (including) |
Ios_xe | Cisco | 17.3.1 (including) | 17.3.1 (including) |
Ios_xe | Cisco | 17.3.1a (including) | 17.3.1a (including) |
Ios_xe | Cisco | 17.3.1w (including) | 17.3.1w (including) |
Ios_xe | Cisco | 17.3.1x (including) | 17.3.1x (including) |
Ios_xe | Cisco | 17.3.1z (including) | 17.3.1z (including) |
Ios_xe | Cisco | 17.3.2 (including) | 17.3.2 (including) |
Ios_xe | Cisco | 17.3.2a (including) | 17.3.2a (including) |
Ios_xe | Cisco | 17.3.3 (including) | 17.3.3 (including) |
Ios_xe | Cisco | 17.3.4 (including) | 17.3.4 (including) |
Ios_xe | Cisco | 17.3.4a (including) | 17.3.4a (including) |
Ios_xe | Cisco | 17.3.4b (including) | 17.3.4b (including) |
Ios_xe | Cisco | 17.3.4c (including) | 17.3.4c (including) |
Ios_xe | Cisco | 17.3.5 (including) | 17.3.5 (including) |
Ios_xe | Cisco | 17.3.5a (including) | 17.3.5a (including) |
Ios_xe | Cisco | 17.3.5b (including) | 17.3.5b (including) |
Ios_xe | Cisco | 17.3.6 (including) | 17.3.6 (including) |
Ios_xe | Cisco | 17.3.7 (including) | 17.3.7 (including) |
Ios_xe | Cisco | 17.3.8 (including) | 17.3.8 (including) |
Ios_xe | Cisco | 17.3.8a (including) | 17.3.8a (including) |
Ios_xe | Cisco | 17.4.1 (including) | 17.4.1 (including) |
Ios_xe | Cisco | 17.4.1a (including) | 17.4.1a (including) |
Ios_xe | Cisco | 17.4.1b (including) | 17.4.1b (including) |
Ios_xe | Cisco | 17.4.2 (including) | 17.4.2 (including) |
Ios_xe | Cisco | 17.4.2a (including) | 17.4.2a (including) |
Ios_xe | Cisco | 17.5.1 (including) | 17.5.1 (including) |
Ios_xe | Cisco | 17.5.1a (including) | 17.5.1a (including) |
Ios_xe | Cisco | 17.6.1 (including) | 17.6.1 (including) |
Ios_xe | Cisco | 17.6.1a (including) | 17.6.1a (including) |
Ios_xe | Cisco | 17.6.1w (including) | 17.6.1w (including) |
Ios_xe | Cisco | 17.6.1x (including) | 17.6.1x (including) |
Ios_xe | Cisco | 17.6.1y (including) | 17.6.1y (including) |
Ios_xe | Cisco | 17.6.1z (including) | 17.6.1z (including) |
Ios_xe | Cisco | 17.6.1z1 (including) | 17.6.1z1 (including) |
Ios_xe | Cisco | 17.6.2 (including) | 17.6.2 (including) |
Ios_xe | Cisco | 17.6.3 (including) | 17.6.3 (including) |
Ios_xe | Cisco | 17.6.3a (including) | 17.6.3a (including) |
Ios_xe | Cisco | 17.6.4 (including) | 17.6.4 (including) |
Ios_xe | Cisco | 17.6.5 (including) | 17.6.5 (including) |
Ios_xe | Cisco | 17.6.5a (including) | 17.6.5a (including) |
Ios_xe | Cisco | 17.6.6 (including) | 17.6.6 (including) |
Ios_xe | Cisco | 17.6.6a (including) | 17.6.6a (including) |
Ios_xe | Cisco | 17.6.7 (including) | 17.6.7 (including) |
Ios_xe | Cisco | 17.6.8 (including) | 17.6.8 (including) |
Ios_xe | Cisco | 17.6.8a (including) | 17.6.8a (including) |
Ios_xe | Cisco | 17.7.1 (including) | 17.7.1 (including) |
Ios_xe | Cisco | 17.7.1a (including) | 17.7.1a (including) |
Ios_xe | Cisco | 17.7.1b (including) | 17.7.1b (including) |
Ios_xe | Cisco | 17.7.2 (including) | 17.7.2 (including) |
Ios_xe | Cisco | 17.8.1 (including) | 17.8.1 (including) |
Ios_xe | Cisco | 17.8.1a (including) | 17.8.1a (including) |
Ios_xe | Cisco | 17.9.1 (including) | 17.9.1 (including) |
Ios_xe | Cisco | 17.9.1a (including) | 17.9.1a (including) |
Ios_xe | Cisco | 17.9.1w (including) | 17.9.1w (including) |
Ios_xe | Cisco | 17.9.1x (including) | 17.9.1x (including) |
Ios_xe | Cisco | 17.9.1x1 (including) | 17.9.1x1 (including) |
Ios_xe | Cisco | 17.9.1y (including) | 17.9.1y (including) |
Ios_xe | Cisco | 17.9.1y1 (including) | 17.9.1y1 (including) |
Ios_xe | Cisco | 17.9.2 (including) | 17.9.2 (including) |
Ios_xe | Cisco | 17.9.2a (including) | 17.9.2a (including) |
Ios_xe | Cisco | 17.9.3 (including) | 17.9.3 (including) |
Ios_xe | Cisco | 17.9.3a (including) | 17.9.3a (including) |
Ios_xe | Cisco | 17.9.4 (including) | 17.9.4 (including) |
Ios_xe | Cisco | 17.9.4a (including) | 17.9.4a (including) |
Ios_xe | Cisco | 17.9.5 (including) | 17.9.5 (including) |
Ios_xe | Cisco | 17.9.5a (including) | 17.9.5a (including) |
Ios_xe | Cisco | 17.9.5b (including) | 17.9.5b (including) |
Ios_xe | Cisco | 17.9.5e (including) | 17.9.5e (including) |
Ios_xe | Cisco | 17.9.5f (including) | 17.9.5f (including) |
Ios_xe | Cisco | 17.9.6 (including) | 17.9.6 (including) |
Ios_xe | Cisco | 17.9.6a (including) | 17.9.6a (including) |
Ios_xe | Cisco | 17.10.1 (including) | 17.10.1 (including) |
Ios_xe | Cisco | 17.10.1a (including) | 17.10.1a (including) |
Ios_xe | Cisco | 17.10.1b (including) | 17.10.1b (including) |
Ios_xe | Cisco | 17.11.1 (including) | 17.11.1 (including) |
Ios_xe | Cisco | 17.11.1a (including) | 17.11.1a (including) |
Ios_xe | Cisco | 17.12.1 (including) | 17.12.1 (including) |
Ios_xe | Cisco | 17.12.1w (including) | 17.12.1w (including) |
Ios_xe | Cisco | 17.12.1x (including) | 17.12.1x (including) |
Ios_xe | Cisco | 17.12.1y (including) | 17.12.1y (including) |
Ios_xe | Cisco | 17.12.1z (including) | 17.12.1z (including) |
Ios_xe | Cisco | 17.12.1z1 (including) | 17.12.1z1 (including) |
Ios_xe | Cisco | 17.12.2 (including) | 17.12.2 (including) |
Ios_xe | Cisco | 17.12.2a (including) | 17.12.2a (including) |
Ios_xe | Cisco | 17.12.3 (including) | 17.12.3 (including) |
Ios_xe | Cisco | 17.12.3a (including) | 17.12.3a (including) |
Ios_xe | Cisco | 17.12.4 (including) | 17.12.4 (including) |
Ios_xe | Cisco | 17.12.4a (including) | 17.12.4a (including) |
Ios_xe | Cisco | 17.12.4b (including) | 17.12.4b (including) |
Ios_xe | Cisco | 17.13.1 (including) | 17.13.1 (including) |
Ios_xe | Cisco | 17.13.1a (including) | 17.13.1a (including) |
Ios_xe | Cisco | 17.14.1 (including) | 17.14.1 (including) |
Ios_xe | Cisco | 17.14.1a (including) | 17.14.1a (including) |
This weakness can be generally described as mismatching memory management routines, such as:
When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed.
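The following added example (not from the original page and not Cisco code; the page does not disclose the actual routines) models how a mismatched release routine turns into the resource exhaustion described above. The pool size, the `msg_buf` structure and all function names are hypothetical; the weak path hands pool buffers to another allocator's release routine, and the hardened path dispatches on a recorded owner tag.

```c
#include <stddef.h>
#include <stdio.h>

#define POOL_SLOTS 8                       /* constructed pool size */
enum owner { OWNER_NONE, OWNER_POOL, OWNER_HEAP };

struct msg_buf {
    enum owner owner;                      /* allocator that handed the buffer out */
    unsigned char data[64];
};

static struct msg_buf pool[POOL_SLOTS];
static int heap_live;                      /* accounting of the *other* allocator */

static struct msg_buf *pool_alloc(void) {
    for (size_t i = 0; i < POOL_SLOTS; i++)
        if (pool[i].owner == OWNER_NONE) { pool[i].owner = OWNER_POOL; return &pool[i]; }
    return NULL;                           /* pool exhausted */
}
static void pool_release(struct msg_buf *b) { b->owner = OWNER_NONE; }

/* Release routine of a different allocator: it updates only its own
 * bookkeeping, so a pool slot passed here is never marked free again. */
static void heap_release(struct msg_buf *b) { (void)b; heap_live--; }

/* Weak: always calls heap_release, whatever allocated the buffer. */
static void release_mismatched(struct msg_buf *b) { heap_release(b); }

/* Hardened: pick the release routine that matches the allocator. */
static int release_matched(struct msg_buf *b) {
    if (b == NULL) return -1;
    switch (b->owner) {
    case OWNER_POOL: pool_release(b); return 0;
    case OWNER_HEAP: heap_release(b); return 0;
    default:         return -1;            /* double release or foreign pointer */
    }
}

/* Handle n messages; returns how many were processed before allocation failed. */
int process_messages(int n, int hardened) {
    for (size_t i = 0; i < POOL_SLOTS; i++) pool[i].owner = OWNER_NONE;
    heap_live = 0;
    int handled = 0;
    for (; handled < n; handled++) {
        struct msg_buf *b = pool_alloc();
        if (b == NULL) break;              /* resources exhausted */
        b->data[0] = (unsigned char)handled;
        if (hardened) release_matched(b); else release_mismatched(b);
    }
    return handled;
}

int main(void) {
    printf("mismatched: %d handled\n", process_messages(1000, 0));
    printf("matched:    %d handled\n", process_messages(1000, 1));
    return 0;
}
```

With the mismatched routine every processed message permanently consumes one slot, so the number of messages needed to exhaust the pool depends only on its size, which is why sustained traffic over time is enough to reach the failure state.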