CVE-2024-7095
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
On affected platforms running Arista EOS with SNMP configured, if “snmp-server transmit max-size” is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Arista Networks | EOS | 4.32.0F <= 4.32.2F | affected |
| Arista Networks | EOS | 4.31.0M <= 4.31.4M | affected |
| Arista Networks | EOS | 4.30.0M <= 4.30.7M | affected |
| Arista Networks | EOS | 4.29.0 | affected |
| Arista Networks | EOS | 4.28.0 | affected |
| Arista Networks | EOS | 4.27.0 | affected |
| Arista Networks | EOS | 4.26.0 | affected |
| Arista Networks | EOS | 4.25.0 | affected |
| Arista Networks | EOS | 4.24.0 | affected |
| Arista Networks | EOS | 4.23.0 | affected |
| Arista Networks | EOS | 4.22.0 | affected |
Weaknesses
- cwe-401
Workarounds
The workaround is to disable snmp-server transmit max-size configuration:
no snmp-server transmit max-size
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.