CNNVD-202510-2102 Information
CNNVD ID
CNNVD-202510-2102
Related CVE
- CNNVD Published: 2025-10-15
Description (Chinese)
Cisco IOS XE Software是美国思科(Cisco)公司的一种网络操作系统。 Cisco IOS XE Software存在安全漏洞,该漏洞源于HTTP解码器在解析HTTP标头的MIME字段时存在缓冲区处理逻辑错误,可能导致缓冲区欠读攻击或敏感信息泄露。
Description (English)
Cisco IOS XE Software is a network operating system of Cisco. Cisco IOS XE Software has a security loophole, which stems from a logical error in the handling of the buffer zone when the HTTP decoder deciphers the MIME field at the HTTP header, which may lead to an unread attack on the buffer zone or the disclosure of sensitive information.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
思科
Published
2025-10-15
Last Modified
2026-02-24
References
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort3-mime-vulns-tTL8PgVH https://vigilance.fr/vulnerability/Snort-out-of-bounds-memory-reading-via-HTTP-Decoder-MIME-48505 https://access.redhat.com/security/cve/cve-2025-20359