CVE-2015-0646

Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, 15.2, 15.3, and 15.4 and IOS XE 3.3.xXO, 3.5.xE, 3.6.xE, 3.8.xS through 3.10.xS before 3.10.5S, and 3.11.xS and 3.12.xS before 3.12.3S allows remote attackers to cause a denial of service (memory consumption or device reload) by sending crafted TCP packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum94811.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:C
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
ciscoios_xe
3.3xo.0:xo.0
ciscoios_xe
3.3xo.1:xo.1
ciscoios_xe
3.3xo.2:xo.2
ciscoios_xe
3.5e.0:e.0
ciscoios_xe
3.5e.1:e.1
ciscoios_xe
3.5e.2:e.2
ciscoios_xe
3.5e.3:e.3
ciscoios_xe
3.6e.0:e.0
ciscoios_xe
3.6e.1:e.1
ciscoios_xe
3.8s.0:s.0
ciscoios_xe
3.8s.1:s.1
ciscoios_xe
3.8s.2:s.2
ciscoios_xe
3.8s_base:s_base
ciscoios_xe
3.9s.0:s.0
ciscoios_xe
3.9s.1:s.1
ciscoios_xe
3.9s.2:s.2
ciscoios_xe
3.10s.0:s.0
ciscoios_xe
3.10s.0a:s.0a
ciscoios_xe
3.10s.1:s.1
ciscoios_xe
3.10s.2:s.2
ciscoios_xe
3.10s.3:s.3
ciscoios_xe
3.10s.4:s.4
ciscoios_xe
3.11s.0:s.0
ciscoios_xe
3.11s.1:s.1
ciscoios_xe
3.11s.2:s.2
ciscoios_xe
3.11s.3:s.3
ciscoios_xe
3.11s.4:s.4
ciscoios_xe
3.12s.0:s.0
ciscoios_xe
3.12s.1:s.1
ciscoios
12.2
ciscoios
12.4
ciscoios
15.0
ciscoios
15.1
ciscoios
15.2
ciscoios
15.3
ciscoios
15.4
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
http://www.securityfocus.com/bid/73340
http://www.securitytracker.com/id/1031980
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-tcpleak
http://www.securityfocus.com/bid/73340
http://www.securitytracker.com/id/1031980