Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) reassembly, aka Bug ID CSCtr56576.
http://www.securitytracker.com/id?1027005
http://www.cisco.com/en/US/docs/ios/ios_xe/3/release/notes/asr1k_caveats_33s.html