Junos OS and Junos OS Evolved: A malformed BGP tunnel encapsulation attribute will lead to an rpd crash
Description
An Improper Validation of Syntactic Correctness of Input vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
If a BGP update is received over an established BGP session which contains a tunnel encapsulation attribute with a specifically malformed TLV, rpd will crash and restart.
This issue affects Juniper Networks Junos OS: * 20.4 versions 20.4R1 and later versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2;
Junos OS Evolved: * 20.4-EVO versions 20.4R1-EVO and later versions earlier than 20.4R3-S9-EVO; * 21.2-EVO versions earlier than 21.2R3-S7-EVO; * 21.3-EVO versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S3-EVO; * 22.3-EVO versions earlier than 22.3R3-S1-EVO; * 22.4-EVO versions earlier than 22.4R3-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO;
This issue does not affect Juniper Networks * Junos OS versions earlier than 20.4R1; * Junos OS Evolved versions earlier than 20.4R1-EVO.
This is a related but separate issue than the one described in JSA79095.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
320.4R1-EVO to before 20.4R3-S9-EVO; 21.2-EVO before 21.2R3-S7-EVO; 21.3-EVO before 21.3R3-S5-EVO; 21.4-EVO before 21.4R3-S5-EVO; 22.1-EVO before 22.1R3-S4-EVO; 22.2-EVO before 22.2R3-S3-EVO; 22.3-EVO before 22.3R3-S1-EVO; 22.4-EVO before 22.4R3-EVO; 23.2-EVO before 23.2R1-S2-EVO/23.2R2-EVO+ 1 more
- (no CPE)range: 20.4R1-EVO to before 20.4R3-S9-EVO; 21.2-EVO before 21.2R3-S7-EVO; 21.3-EVO before 21.3R3-S5-EVO; 21.4-EVO before 21.4R3-S5-EVO; 22.1-EVO before 22.1R3-S4-EVO; 22.2-EVO before 22.2R3-S3-EVO; 22.3-EVO before 22.3R3-S1-EVO; 22.4-EVO before 22.4R3-EVO; 23.2-EVO before 23.2R1-S2-EVO/23.2R2-EVO
- (no CPE)range: 20.4-EVO
- Range: 20.4R1 to before 20.4R3-S9; 21.2 before 21.2R3-S7; 21.3 before 21.3R3-S5; 21.4 before 21.4R3-S5; 22.1 before 22.1R3-S4; 22.2 before 22.2R3-S3; 22.3 before 22.3R3-S1; 22.4 before 22.4R3; 23.2 before 23.2R1-S2/23.2R2
Patches
Vulnerability mechanics
References
2- supportportal.juniper.net/JSA75739mitrevendor-advisory
- www.first.org/cvss/calculator/4.0mitretechnical-description
News mentions
0No linked articles in our index yet.