Junos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash
Description
An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Upon receipt of a malformed BGP flowspec update, RPD will crash resulting in a Denial of Service. This issue affects Juniper Networks Junos OS: All versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.1 versions prior to 19.1R3-S4; 19.2 versions prior to 19.2R3-S1; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R1-S1, 20.3R2; Juniper Networks Junos OS Evolved: All versions prior to 20.1R3-EVO; 20.2 versions prior to 20.2R2-EVO; 20.3 versions prior to 20.3R2-EVO;
Affected products
3< 20.1R3-EVO, < 20.2R2-EVO, < 20.3R2-EVO+ 1 more
- (no CPE)range: < 20.1R3-EVO, < 20.2R2-EVO, < 20.3R2-EVO
- (no CPE)range: unspecified
- Range: < 18.1R3-S11, < 18.2R3-S6, < 18.3R3-S4, < 18.4R3-S6, < 19.1R3-S4, < 19.2R3-S1, < 19.3R3-S1, < 19.4R3, < 20.1R2, < 20.2R2, < 20.3R1-S1, < 20.3R2
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.