CVE-2023-20027: Use After Free
First published: Thu Mar 23 2023(Updated: )
A vulnerability in the implementation of the IPv4 Virtual Fragmentation Reassembly (VFR) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper reassembly of large packets that occurs when VFR is enabled on either a tunnel interface or on a physical interface that is configured with a maximum transmission unit (MTU) greater than 4,615 bytes. An attacker could exploit this vulnerability by sending fragmented packets through a VFR-enabled interface on an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco IOS XE | =3.9.0as | |
| Cisco IOS XE | =3.9.1s | |
| Cisco IOS XE | =3.9.2s | |
| Cisco IOS XE | =3.10.0s | |
| Cisco IOS XE | =3.10.1s | |
| Cisco IOS XE | =3.10.2as | |
| Cisco IOS XE | =3.10.2s | |
| Cisco IOS XE | =3.10.2ts | |
| Cisco IOS XE | =3.10.3s | |
| Cisco IOS XE | =3.10.4s | |
| Cisco IOS XE | =3.10.5s | |
| Cisco IOS XE | =3.10.6s | |
| Cisco IOS XE | =3.10.7s | |
| Cisco IOS XE | =3.10.8as | |
| Cisco IOS XE | =3.10.8s | |
| Cisco IOS XE | =3.10.9s | |
| Cisco IOS XE | =3.10.10s | |
| Cisco IOS XE | =3.11.0s | |
| Cisco IOS XE | =3.11.1s | |
| Cisco IOS XE | =3.11.2s | |
| Cisco IOS XE | =3.11.3s | |
| Cisco IOS XE | =3.11.4s | |
| Cisco IOS XE | =3.12.0s | |
| Cisco IOS XE | =3.12.1s | |
| Cisco IOS XE | =3.12.2s | |
| Cisco IOS XE | =3.12.3s | |
| Cisco IOS XE | =3.12.4s | |
| Cisco IOS XE | =3.13.0s | |
| Cisco IOS XE | =3.13.1s | |
| Cisco IOS XE | =3.13.2s | |
| Cisco IOS XE | =3.13.3s | |
| Cisco IOS XE | =3.13.4s | |
| Cisco IOS XE | =3.13.5s | |
| Cisco IOS XE | =3.13.6as | |
| Cisco IOS XE | =3.13.6s | |
| Cisco IOS XE | =3.13.7s | |
| Cisco IOS XE | =3.13.8s | |
| Cisco IOS XE | =3.13.9s | |
| Cisco IOS XE | =3.13.10s | |
| Cisco IOS XE | =3.14.0s | |
| Cisco IOS XE | =3.14.1s | |
| Cisco IOS XE | =3.14.2s | |
| Cisco IOS XE | =3.14.3s | |
| Cisco IOS XE | =3.14.4s | |
| Cisco IOS XE | =3.15.0s | |
| Cisco IOS XE | =3.15.1cs | |
| Cisco IOS XE | =3.15.1s | |
| Cisco IOS XE | =3.15.2s | |
| Cisco IOS XE | =3.15.3s | |
| Cisco IOS XE | =3.15.4s | |
| Cisco IOS XE | =3.16.0cs | |
| Cisco IOS XE | =3.16.0s | |
| Cisco IOS XE | =3.16.1as | |
| Cisco IOS XE | =3.16.2s | |
| Cisco IOS XE | =3.16.3s | |
| Cisco IOS XE | =3.16.4as | |
| Cisco IOS XE | =3.16.4bs | |
| Cisco IOS XE | =3.16.4cs | |
| Cisco IOS XE | =3.16.4ds | |
| Cisco IOS XE | =3.16.4es | |
| Cisco IOS XE | =3.16.4gs | |
| Cisco IOS XE | =3.16.5as | |
| Cisco IOS XE | =3.16.5bs | |
| Cisco IOS XE | =3.16.5s | |
| Cisco IOS XE | =3.16.6bs | |
| Cisco IOS XE | =3.16.6s | |
| Cisco IOS XE | =3.16.7as | |
| Cisco IOS XE | =3.16.7bs | |
| Cisco IOS XE | =3.16.7s | |
| Cisco IOS XE | =3.16.8s | |
| Cisco IOS XE | =3.16.9s | |
| Cisco IOS XE | =3.16.10s | |
| Cisco IOS XE | =3.17.0s | |
| Cisco IOS XE | =3.17.1s | |
| Cisco IOS XE | =3.17.2s | |
| Cisco IOS XE | =3.17.3s | |
| Cisco IOS XE | =3.17.4s | |
| Cisco IOS XE | =3.18.0as | |
| Cisco IOS XE | =3.18.2asp | |
| Cisco IOS XE | =16.2.1 | |
| Cisco IOS XE | =16.2.2 | |
| Cisco IOS XE | =16.3.1 | |
| Cisco IOS XE | =16.3.1a | |
| Cisco IOS XE | =16.3.2 | |
| Cisco IOS XE | =16.3.3 | |
| Cisco IOS XE | =16.3.4 | |
| Cisco IOS XE | =16.3.5 | |
| Cisco IOS XE | =16.3.6 | |
| Cisco IOS XE | =16.3.7 | |
| Cisco IOS XE | =16.3.8 | |
| Cisco IOS XE | =16.3.9 | |
| Cisco IOS XE | =16.3.10 | |
| Cisco IOS XE | =16.3.11 | |
| Cisco IOS XE | =16.4.1 | |
| Cisco IOS XE | =16.4.2 | |
| Cisco IOS XE | =16.4.3 | |
| Cisco IOS XE | =16.5.1 | |
| Cisco IOS XE | =16.5.1b | |
| Cisco IOS XE | =16.5.2 | |
| Cisco IOS XE | =16.5.3 | |
| Cisco IOS XE | =16.6.1 | |
| Cisco IOS XE | =16.6.2 | |
| Cisco IOS XE | =16.6.3 | |
| Cisco IOS XE | =16.6.4 | |
| Cisco IOS XE | =16.6.4s | |
| Cisco IOS XE | =16.6.5 | |
| Cisco IOS XE | =16.6.6 | |
| Cisco IOS XE | =16.6.7 | |
| Cisco IOS XE | =16.6.8 | |
| Cisco IOS XE | =16.6.9 | |
| Cisco IOS XE | =16.6.10 | |
| Cisco IOS XE | =16.7.1 | |
| Cisco IOS XE | =16.7.2 | |
| Cisco IOS XE | =16.7.3 | |
| Cisco IOS XE | =16.8.1 | |
| Cisco IOS XE | =16.8.1s | |
| Cisco IOS XE | =16.8.2 | |
| Cisco IOS XE | =16.8.3 | |
| Cisco IOS XE | =16.9.1 | |
| Cisco IOS XE | =16.9.1s | |
| Cisco IOS XE | =16.9.2 | |
| Cisco IOS XE | =16.9.2s | |
| Cisco IOS XE | =16.9.3 | |
| Cisco IOS XE | =16.9.3s | |
| Cisco IOS XE | =16.9.4 | |
| Cisco IOS XE | =16.9.5 | |
| Cisco IOS XE | =16.9.6 | |
| Cisco IOS XE | =16.9.7 | |
| Cisco IOS XE | =16.9.8 | |
| Cisco IOS XE | =16.9.8a | |
| Cisco IOS XE | =16.9.8c | |
| Cisco IOS XE | =16.10.1 | |
| Cisco IOS XE | =16.10.1a | |
| Cisco IOS XE | =16.10.1b | |
| Cisco IOS XE | =16.10.1e | |
| Cisco IOS XE | =16.10.1s | |
| Cisco IOS XE | =16.10.2 | |
| Cisco IOS XE | =16.10.3 | |
| Cisco IOS XE | =16.11.1 | |
| Cisco IOS XE | =16.11.1a | |
| Cisco IOS XE | =16.11.1c | |
| Cisco IOS XE | =16.11.1s | |
| Cisco IOS XE | =16.11.2 | |
| Cisco IOS XE | =16.12.1 | |
| Cisco IOS XE | =16.12.1a | |
| Cisco IOS XE | =16.12.1c | |
| Cisco IOS XE | =16.12.1s | |
| Cisco IOS XE | =16.12.2 | |
| Cisco IOS XE | =16.12.2s | |
| Cisco IOS XE | =16.12.2t | |
| Cisco IOS XE | =16.12.3 | |
| Cisco IOS XE | =16.12.3s | |
| Cisco IOS XE | =16.12.4 | |
| Cisco IOS XE | =16.12.5 | |
| Cisco IOS XE | =16.12.6 | |
| Cisco IOS XE | =16.12.7 | |
| Cisco IOS XE | =16.12.8 | |
| Cisco IOS XE | =17.1.1 | |
| Cisco IOS XE | =17.1.1s | |
| Cisco IOS XE | =17.1.1t | |
| Cisco IOS XE | =17.1.2 | |
| Cisco IOS XE | =17.1.3 | |
| Cisco IOS XE | =17.2.1 | |
| Cisco IOS XE | =17.2.1r | |
| Cisco IOS XE | =17.2.1v | |
| Cisco IOS XE | =17.2.2 | |
| Cisco IOS XE | =17.2.3 | |
| Cisco IOS XE | =17.3.1 | |
| Cisco IOS XE | =17.3.1a | |
| Cisco IOS XE | =17.3.2 | |
| Cisco IOS XE | =17.3.3 | |
| Cisco IOS XE | =17.3.4 | |
| Cisco IOS XE | =17.3.4a | |
| Cisco IOS XE | =17.3.5 | |
| Cisco IOS XE | =17.4.1 | |
| Cisco IOS XE | =17.4.1a | |
| Cisco IOS XE | =17.4.1b | |
| Cisco IOS XE | =17.4.2 | |
| Cisco IOS XE | =17.5.1 | |
| Cisco IOS XE | =17.5.1a | |
| Cisco IOS XE | =17.6.1 | |
| Cisco IOS XE | =17.6.1a | |
| Cisco IOS XE | =17.6.2 | |
| Cisco IOS XE | =17.6.3 | |
| Cisco IOS XE | =17.6.3a | |
| Cisco IOS XE | =17.7.1 | |
| Cisco IOS XE | =17.7.1a | |
| Cisco IOS XE | =17.7.2 | |
| Cisco IOS XE | =17.8.1 | |
| Cisco IOS XE | =17.8.1a | |
| Cisco Catalyst 8000v Edge | ||
| Cisco Cloud Services Router 1000v | ||
| Cisco 1000 Integrated Services Router | ||
| Cisco 1100-4g\/6g Integrated Services Router | ||
| Cisco 1100-4g Integrated Services Router | ||
| Cisco 1100-4p Integrated Services Router | ||
| Cisco 1100-6g Integrated Services Router | ||
| Cisco 1100-8p Integrated Services Router | ||
| Cisco 1100 Integrated Services Router | ||
| Cisco 1101-4p Integrated Services Router | ||
| Cisco 1101 Integrated Services Router | ||
| Cisco 1109-2p Integrated Services Router | ||
| Cisco 1109-4p Integrated Services Router | ||
| Cisco 1109 Integrated Services Router | ||
| Cisco 1111x-8p Integrated Services Router | ||
| Cisco 1111x Integrated Services Router | ||
| Cisco 111x Integrated Services Router | ||
| Cisco 1120 Integrated Services Router | ||
| Cisco 1131 Integrated Services Router | ||
| Cisco 1160 Integrated Services Router | ||
| Cisco 4221 Integrated Services Router | ||
| Cisco 4321 Integrated Services Router | ||
| Cisco 4331 Integrated Services Router | ||
| Cisco 4351 Integrated Services Router | ||
| Cisco 4431 Integrated Services Router | ||
| Cisco 4451-x Integrated Services Router | ||
| Cisco 4461 Integrated Services Router | ||
| Cisco C8200-1n-4t | ||
| Cisco C8200l-1n-4t | ||
| Cisco C8500l-8s4x | ||
| Cisco Catalyst 8300-1n1s-4t2x | ||
| Cisco Catalyst 8300-1n1s-6t | ||
| Cisco Catalyst 8300-2n2s-4t2x | ||
| Cisco Catalyst 8300-2n2s-6t |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-index
- vendor/cisco
- canonical/cisco ios xe
- version/cisco ios xe/3.9.0as
- version/cisco ios xe/3.9.1s
- version/cisco ios xe/3.9.2s
- version/cisco ios xe/3.10.0s
- version/cisco ios xe/3.10.1s
- version/cisco ios xe/3.10.2as
- version/cisco ios xe/3.10.2s
- version/cisco ios xe/3.10.2ts
- version/cisco ios xe/3.10.3s
- version/cisco ios xe/3.10.4s
- version/cisco ios xe/3.10.5s
- version/cisco ios xe/3.10.6s
- version/cisco ios xe/3.10.7s
- version/cisco ios xe/3.10.8as
- version/cisco ios xe/3.10.8s
- version/cisco ios xe/3.10.9s
- version/cisco ios xe/3.10.10s
- version/cisco ios xe/3.11.0s
- version/cisco ios xe/3.11.1s
- version/cisco ios xe/3.11.2s
- version/cisco ios xe/3.11.3s
- version/cisco ios xe/3.11.4s
- version/cisco ios xe/3.12.0s
- version/cisco ios xe/3.12.1s
- version/cisco ios xe/3.12.2s
- version/cisco ios xe/3.12.3s
- version/cisco ios xe/3.12.4s
- version/cisco ios xe/3.13.0s
- version/cisco ios xe/3.13.1s
- version/cisco ios xe/3.13.2s
- version/cisco ios xe/3.13.3s
- version/cisco ios xe/3.13.4s
- version/cisco ios xe/3.13.5s
- version/cisco ios xe/3.13.6as
- version/cisco ios xe/3.13.6s
- version/cisco ios xe/3.13.7s
- version/cisco ios xe/3.13.8s
- version/cisco ios xe/3.13.9s
- version/cisco ios xe/3.13.10s
- version/cisco ios xe/3.14.0s
- version/cisco ios xe/3.14.1s
- version/cisco ios xe/3.14.2s
- version/cisco ios xe/3.14.3s
- version/cisco ios xe/3.14.4s
- version/cisco ios xe/3.15.0s
- version/cisco ios xe/3.15.1cs
- version/cisco ios xe/3.15.1s
- version/cisco ios xe/3.15.2s
- version/cisco ios xe/3.15.3s
- version/cisco ios xe/3.15.4s
- version/cisco ios xe/3.16.0cs
- version/cisco ios xe/3.16.0s
- version/cisco ios xe/3.16.1as
- version/cisco ios xe/3.16.2s
- version/cisco ios xe/3.16.3s
- version/cisco ios xe/3.16.4as
- version/cisco ios xe/3.16.4bs
- version/cisco ios xe/3.16.4cs
- version/cisco ios xe/3.16.4ds
- version/cisco ios xe/3.16.4es
- version/cisco ios xe/3.16.4gs
- version/cisco ios xe/3.16.5as
- version/cisco ios xe/3.16.5bs
- version/cisco ios xe/3.16.5s
- version/cisco ios xe/3.16.6bs
- version/cisco ios xe/3.16.6s
- version/cisco ios xe/3.16.7as
- version/cisco ios xe/3.16.7bs
- version/cisco ios xe/3.16.7s
- version/cisco ios xe/3.16.8s
- version/cisco ios xe/3.16.9s
- version/cisco ios xe/3.16.10s
- version/cisco ios xe/3.17.0s
- version/cisco ios xe/3.17.1s
- version/cisco ios xe/3.17.2s
- version/cisco ios xe/3.17.3s
- version/cisco ios xe/3.17.4s
- version/cisco ios xe/3.18.0as
- version/cisco ios xe/3.18.2asp
- version/cisco ios xe/16.2.1
- version/cisco ios xe/16.2.2
- version/cisco ios xe/16.3.1
- version/cisco ios xe/16.3.1a
- version/cisco ios xe/16.3.2
- version/cisco ios xe/16.3.3
- version/cisco ios xe/16.3.4
- version/cisco ios xe/16.3.5
- version/cisco ios xe/16.3.6
- version/cisco ios xe/16.3.7
- version/cisco ios xe/16.3.8
- version/cisco ios xe/16.3.9
- version/cisco ios xe/16.3.10
- version/cisco ios xe/16.3.11
- version/cisco ios xe/16.4.1
- version/cisco ios xe/16.4.2
- version/cisco ios xe/16.4.3
- version/cisco ios xe/16.5.1
- version/cisco ios xe/16.5.1b
- version/cisco ios xe/16.5.2
- version/cisco ios xe/16.5.3
- version/cisco ios xe/16.6.1
- version/cisco ios xe/16.6.2
- version/cisco ios xe/16.6.3
- version/cisco ios xe/16.6.4
- version/cisco ios xe/16.6.4s
- version/cisco ios xe/16.6.5
- version/cisco ios xe/16.6.6
- version/cisco ios xe/16.6.7
- version/cisco ios xe/16.6.8
- version/cisco ios xe/16.6.9
- version/cisco ios xe/16.6.10
- version/cisco ios xe/16.7.1
- version/cisco ios xe/16.7.2
- version/cisco ios xe/16.7.3
- version/cisco ios xe/16.8.1
- version/cisco ios xe/16.8.1s
- version/cisco ios xe/16.8.2
- version/cisco ios xe/16.8.3
- version/cisco ios xe/16.9.1
- version/cisco ios xe/16.9.1s
- version/cisco ios xe/16.9.2
- version/cisco ios xe/16.9.2s
- version/cisco ios xe/16.9.3
- version/cisco ios xe/16.9.3s
- version/cisco ios xe/16.9.4
- version/cisco ios xe/16.9.5
- version/cisco ios xe/16.9.6
- version/cisco ios xe/16.9.7
- version/cisco ios xe/16.9.8
- version/cisco ios xe/16.9.8a
- version/cisco ios xe/16.9.8c
- version/cisco ios xe/16.10.1
- version/cisco ios xe/16.10.1a
- version/cisco ios xe/16.10.1b
- version/cisco ios xe/16.10.1e
- version/cisco ios xe/16.10.1s
- version/cisco ios xe/16.10.2
- version/cisco ios xe/16.10.3
- version/cisco ios xe/16.11.1
- version/cisco ios xe/16.11.1a
- version/cisco ios xe/16.11.1c
- version/cisco ios xe/16.11.1s
- version/cisco ios xe/16.11.2
- version/cisco ios xe/16.12.1
- version/cisco ios xe/16.12.1a
- version/cisco ios xe/16.12.1c
- version/cisco ios xe/16.12.1s
- version/cisco ios xe/16.12.2
- version/cisco ios xe/16.12.2s
- version/cisco ios xe/16.12.2t
- version/cisco ios xe/16.12.3
- version/cisco ios xe/16.12.3s
- version/cisco ios xe/16.12.4
- version/cisco ios xe/16.12.5
- version/cisco ios xe/16.12.6
- version/cisco ios xe/16.12.7
- version/cisco ios xe/16.12.8
- version/cisco ios xe/17.1.1
- version/cisco ios xe/17.1.1s
- version/cisco ios xe/17.1.1t
- version/cisco ios xe/17.1.2
- version/cisco ios xe/17.1.3
- version/cisco ios xe/17.2.1
- version/cisco ios xe/17.2.1r
- version/cisco ios xe/17.2.1v
- version/cisco ios xe/17.2.2
- version/cisco ios xe/17.2.3
- version/cisco ios xe/17.3.1
- version/cisco ios xe/17.3.1a
- version/cisco ios xe/17.3.2
- version/cisco ios xe/17.3.3
- version/cisco ios xe/17.3.4
- version/cisco ios xe/17.3.4a
- version/cisco ios xe/17.3.5
- version/cisco ios xe/17.4.1
- version/cisco ios xe/17.4.1a
- version/cisco ios xe/17.4.1b
- version/cisco ios xe/17.4.2
- version/cisco ios xe/17.5.1
- version/cisco ios xe/17.5.1a
- version/cisco ios xe/17.6.1
- version/cisco ios xe/17.6.1a
- version/cisco ios xe/17.6.2
- version/cisco ios xe/17.6.3
- version/cisco ios xe/17.6.3a
- version/cisco ios xe/17.7.1
- version/cisco ios xe/17.7.1a
- version/cisco ios xe/17.7.2
- version/cisco ios xe/17.8.1
- version/cisco ios xe/17.8.1a
- canonical/cisco catalyst 8000v edge
- canonical/cisco cloud services router 1000v
- canonical/cisco 1000 integrated services router
- canonical/cisco 1100-4g\/6g integrated services router
- canonical/cisco 1100-4g integrated services router
- canonical/cisco 1100-4p integrated services router
- canonical/cisco 1100-6g integrated services router
- canonical/cisco 1100-8p integrated services router
- canonical/cisco 1100 integrated services router
- canonical/cisco 1101-4p integrated services router
- canonical/cisco 1101 integrated services router
- canonical/cisco 1109-2p integrated services router
- canonical/cisco 1109-4p integrated services router
- canonical/cisco 1109 integrated services router
- canonical/cisco 1111x-8p integrated services router
- canonical/cisco 1111x integrated services router
- canonical/cisco 111x integrated services router
- canonical/cisco 1120 integrated services router
- canonical/cisco 1131 integrated services router
- canonical/cisco 1160 integrated services router
- canonical/cisco 4221 integrated services router
- canonical/cisco 4321 integrated services router
- canonical/cisco 4331 integrated services router
- canonical/cisco 4351 integrated services router
- canonical/cisco 4431 integrated services router
- canonical/cisco 4451-x integrated services router
- canonical/cisco 4461 integrated services router
- canonical/cisco c8200-1n-4t
- canonical/cisco c8200l-1n-4t
- canonical/cisco c8500l-8s4x
- canonical/cisco catalyst 8300-1n1s-4t2x
- canonical/cisco catalyst 8300-1n1s-6t
- canonical/cisco catalyst 8300-2n2s-4t2x
- canonical/cisco catalyst 8300-2n2s-6t