CVE-2017-2312 — Missing Release of Resource after Effective Lifetime in Networks Junos OS With LDP Enabled

CWE-772 — Missing Release of Resource after Effective Lifetime3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 36.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS With LDP Enabled Juniper Junos Juniper Junos OS

Timeline

PublishedApr 24

Latest updateMay 13

Description

On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will consume a small amount of the memory allocated for the rpd (routing protocol daemon) process. Over time, repeatedly receiving this type of LDP packet(s) will cause the memory to exhaust and the rpd process to crash and restart. It is not possible to free up the memory that has been consumed without restarting the rpd process. This issue affects Junos…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5juniper_networks/junos_os_with_ldp_enabled8 versions+7

▶NVDjuniper/junos7 versions+6

▶juniperjuniper/junos_os

🔴Vulnerability Details

GHSA

GHSA-xmvf-j3c4-7f2r: On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will co↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2017-2312: On Juniper Networks devices running Junos OS affected versions and with LDP enabled, a specific LDP packet destined to the RE (Routing Engine) will co↗2017-04-24

▶