vulnerability

security-advisory-0043

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published: Nov 6, 2019
Added: Sep 4, 2024
Modified: Apr 28, 2025

Description

This advisory documents the exposure of Arista's products to CVE-2019-9512, CVE-2019-9514, and CVE-2019-9515 regarding an HTTP/2 OOM (Out of Memory) security vulnerability in Go's gRPC library. In EOS, the exposure is limited to the state streaming components, TerminAttr and OpenConfig. If TerminAttr or OpenConfig is enabled, an attacker could continually send a flood of data that causes the TerminAttr or OpenConfig agent to consume large amounts of memory, potentially leading to an OOM condition. The vulnerability is in open-source software, Go's gRPC library, and as of the date of initial release of this advisory, Arista has not received evidence of this vulnerability being exploited.

Solution

upgrade-solution-CVE-2019-9512