Guest

Preview Tool

Cisco Bug: CSCvt61876 - IOS-XE FW feature crashes while inspecting TCP packet with incorrect session packet state.

Last Modified

Sep 10, 2020

Products (1)

  • Cisco ASR 1000 Series Aggregation Services Routers

Known Affected Releases

16.9.3

Description (partial)

Symptom:
IOS-XE FW exceeds the half open max sessions with a block time, firewall feature drops TCP SYN packet and closes all the half open sessions associated with host and sends at TCP RST. When traversing the list of half open sessions,  the session was not setup properly causing the TCP RST logic to access a invalid memory (NULL pointer)

Conditions:
IOS-XE FW feature drops TCP SYN packet and drops flows associated with host. In this case the session was not setup properly so we access an invalid memory location.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.