Main Vulnerability Database Vulnerabilities #VU109304

#VU109304 Memory leak in Arista Extensible Operating System (EOS) - CVE-2023-24511

Published: May 17, 2025

Vulnerability identifier: #VU109304

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-24511

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Arista Extensible Operating System (EOS)

Software vendor:
Arista Networks

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to memory leak within the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system. A remote attacker can perform a denial of service attack.

Remediation

Install update from vendor's website.

External links

https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084

#VU109304 Memory leak in Arista Extensible Operating System (EOS) - CVE-2023-24511

Description

Remediation

External links

Please verify you're human