Memory leak in Arista Extensible Operating System (EOS) - CVE-2023-24511

 


Published: May 17, 2025


Vulnerability identifier: #VU109304
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-24511
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Arista Networks
Affected software:
Arista Extensible Operating System (EOS)

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a memory leak within the snmpd process. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impact on the system. A remote attacker can perform a denial of service attack.


How to mitigate CVE-2023-24511

Install the update from the vendor's website.
