#VU109383 Memory leak in Arista Extensible Operating System (EOS) - CVE-2024-9135

Cybersecurity Help s.r.o.

Published: 2025-05-17

Vulnerability identifier: #VU109383

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-9135

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Arista Extensible Operating System (EOS)
Operating systems & Components / Operating system

Vendor: Arista Networks

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak on systems with configured BGP Link State. A remote BGP peer flap can force the BGP agent to leak memory and perform denial of service attack.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Arista Extensible Operating System (EOS): before

External links
https://www.arista.com/en/support/advisories-notices/security-advisory/21092-security-advisory-0110

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Denial of service in Arista EOS with BGP Link State