Security Advisory - Memory Leak Vulnerability in Some Huawei Routers

2016-12-21T00:00:00
ID HUAWEI-SA-20161221-01-LDP-EN
Type huawei
Reporter Huawei Technologies
Modified 2016-12-21T00:00:00

Description

Some Huawei products have a memory leak vulnerability. An unauthenticated attacker may send specific Label Distribution Protocol (LDP) packets to the devices. When the values of some parameters in the packet are abnormal, the LDP processing module does not release the memory to handle the packet, resulting in memory leak. (Vulnerability ID: HWPSIRT-2016-08055)  This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2016-8784.  Huawei has released software updates to fix this vulnerability. This advisory is available at the following link: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20161221-01-ldp-en