Cisco Bug: CSCvt61876 - IOS-XE FW feature crashes while inspecting TCP packet with incorrect session packet state.
Sep 10, 2020
- Cisco ASR 1000 Series Aggregation Services Routers
Known Affected Releases
Symptom: When IOS-XE FW exceeds the half-open max sessions limit with a block time, the firewall feature drops the TCP SYN packet, closes all the half-open sessions associated with the host, and sends a TCP RST. While the list of half-open sessions is being traversed, a session that was not set up properly causes the TCP RST logic to access invalid memory (NULL pointer).

Conditions: The IOS-XE FW feature drops a TCP SYN packet and drops the flows associated with the host. In this case the session was not set up properly, so we access an invalid memory location.