CVE-2023-24513

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
12/04/2023
Last modified:
24/04/2023

Description

On affected platforms running Arista CloudEOS an issue in the Software Forwarding Engine (Sfe) can lead to a potential denial of service attack by sending malformed packets to the switch. This causes a leak of packet buffers and if enough malformed packets are received, the switch may eventually stop forwarding traffic.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:* 4.26.0 (including) 4.26.9m (excluding)
cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:* 4.27.0 (including) 4.27.8m (excluding)
cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:* 4.28.0 (including) 4.28.5m (excluding)
cpe:2.3:a:arista:cloudeos:*:*:*:*:*:*:*:* 4.29.0 (including) 4.29.2f (excluding)
cpe:2.3:a:amazon:aws_marketplace:-:*:*:*:*:*:*:*
cpe:2.3:a:equinix:network_edge:-:*:*:*:*:*:*:*
cpe:2.3:a:google:google_cloud_platform_marketplace:-:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:azure_marketplace:-:*:*:*:*:*:*:*
cpe:2.3:h:arista:dca-200-veos:-:*:*:*:*:*:*:*