An interface queue wedge is a class of vulnerability in which certain packets are received and queued by a Cisco IOS router or switch, but due to a processing error, are never removed from the queue. This is a problem as there are a finite number of packets that may be queued on an individual interface. Should the queue become full, the device will be unable to receive new traffic via that interface.
Although this type of problem could affect any networked device, queue wedges are a classic security problem for Cisco IOS. There have been several instances of queue wedges on Cisco IOS that resulted in Cisco Security Advisories. Here are some examples:
- Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities
- Cisco IOS DHCP Blocked Interface Denial-of-Service
- Cisco IOS Interface Blocked by IPv4 Packets
In order to gain a better understanding of why these vulnerabilities exist and are considered severe, we need to examine things in a bit more detail.