CVE-2015-0646

EUVD-2015-0659
Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
ciscoios_xe
3.3xo.0:xo.0
ciscoios_xe
3.3xo.1:xo.1
ciscoios_xe
3.3xo.2:xo.2
ciscoios_xe
3.5e.0:e.0
ciscoios_xe
3.5e.1:e.1
ciscoios_xe
3.5e.2:e.2
ciscoios_xe
3.5e.3:e.3
ciscoios_xe
3.6e.0:e.0
ciscoios_xe
3.6e.1:e.1
ciscoios_xe
3.8s.0:s.0
ciscoios_xe
3.8s.1:s.1
ciscoios_xe
3.8s.2:s.2
ciscoios_xe
3.8s_base:s_base
ciscoios_xe
3.9s.0:s.0
ciscoios_xe
3.9s.1:s.1
ciscoios_xe
3.9s.2:s.2
ciscoios_xe
3.10s.0:s.0
ciscoios_xe
3.10s.0a:s.0a
ciscoios_xe
3.10s.1:s.1
ciscoios_xe
3.10s.2:s.2
ciscoios_xe
3.10s.3:s.3
ciscoios_xe
3.10s.4:s.4
ciscoios_xe
3.11s.0:s.0
ciscoios_xe
3.11s.1:s.1
ciscoios_xe
3.11s.2:s.2
ciscoios_xe
3.11s.3:s.3
ciscoios_xe
3.11s.4:s.4
ciscoios_xe
3.12s.0:s.0
ciscoios_xe
3.12s.1:s.1
ciscoios
12.2
ciscoios
12.4
ciscoios
15.0
ciscoios
15.1
ciscoios
15.2
ciscoios
15.3
ciscoios
15.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
http://www.securityfocus.com/bid/73340
http://www.securitytracker.com/id/1031980
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
http://www.securityfocus.com/bid/73340
http://www.securitytracker.com/id/1031980