CVE-2017-2315: Missing Release of Resource after Effective Lifetime in Networks Junos OS on EX Series Ethernet Switches with IPv6 Enabled

Severity
7.5 HIGH (NVD)
EPSS
0.5%
top 34.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 24
Latest update: May 13

Description

On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet destined to an EX Series Ethernet Switch to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service. The affected Junos OS versions are: 12.3 prior to 12.3R12-S4, 12.3R13; 13.3 pri

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 4 packages

🔴Vulnerability Details

1
GHSA
GHSA-xrr6-r4jq-rrhc: On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may al (2022-05-13)

📋Vendor Advisories

1
Juniper
CVE-2017-2315: On Juniper Networks EX Series Ethernet Switches running affected Junos OS versions, a vulnerability in IPv6 processing has been discovered that may al (2017-04-24)

💬Community

1
Bugzilla
CVE-2017-11661 CVE-2017-11662 CVE-2017-11663 CVE-2017-11664 wildmidi: Multiple vulnerabilities (2017-08-08)