Arista Security Advisories

Date: November 6th, 2019 Version: 1.0 Revision Date Changes 1.0 November 6th, 2019 Initial Release     The CVE-IDs tracking this issue: CVE-2019-9512, CVE-2019-9514, and CVE-2019-9515 CVSSv3 Base Score: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory documents the exposure of Arista’s products to the above-listed CVEs regarding an HTTP2 OOM security vulnerability in Go’s gRPC library. The vulnerability is in an open-source software, Go’s gRPC li ...

Date: October 9th, 2019 Version: 1.0 Revision Date Changes 1.0 October 9th, 2019 Initial Release     The CVE-IDs tracking this issue are CVE-2019-14810. CVSSv3 Base Score: 5.9 (AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) Description This advisory is to document a security vulnerability that was identified internally by Arista Networks. Arista has not received evidence of this vulnerability being exploited, as of the date of this update. The vulnerability is in the impleme ...