Cisco addressed two high severity memory exhaustion DoS vulnerabilities that reside in the IOS XR Network OS that runs on multiple carrier-grade routers. The company confirmed that both vulnerabilities are actively exploited in attacks in the wild. The IT giant has now released free Software Maintenance Upgrades (SMUs) to address the two vulnerabilities. The vulnerabilities are caused by insufficient queue management for Internet Group Management Protocol (IGMP) packets, it could be exploited by an attacker by sending crafted IGMP traffic to a vulnerable device.”]
Source: https://securityaffairs.co/wordpress/108936/hacking/cisco-fixes-ios-xr-flaws.html