Memory Leak Vulnerability in Arista EOS with SNMP Configuration
CVE-2024-7095
Currently unrated
What is CVE-2024-7095?
On systems running Arista EOS where SNMP is configured, an issue arises when the 'snmp-server transmit max-size' parameter is set. Under specific conditions, a crafted packet can exploit this configuration, leading to a memory leak within the snmpd process. This malfunction could terminate the snmpd process, resulting in SNMP requests failing until the service is restarted, and it may create additional memory pressure that risks the stability of other processes within the switch. Users are advised to review their SNMP configurations and take preventive measures as outlined in Arista's security advisory.