CVE-2020-1600
published 2020-01-15CVE-2020-1600: In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in…
medium6.5CVSS 3.1
AVNACLPRLUINSUCNINAH
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior to 18.1R3-S5; 18.2 versions prior to 18.2R3; 18.2X75 versions prior to 18.2X75-D50; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R2.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper_networks | junos_os | >= 12.3X48 < 12.3X48-D90 | 12.3X48-D90 |
| juniper_networks | junos_os | >= 15.1 < 15.1R7-S6 | 15.1R7-S6 |
| juniper_networks | junos_os | >= 15.1X49 < 15.1X49-D200 | 15.1X49-D200 |
| juniper_networks | junos_os | >= 15.1X53 < 15.1X53-D238, 15.1X53-D592 | 15.1X53-D238, 15.1X53-D592 |
| juniper_networks | junos_os | >= 16.1 < 16.1R7-S5 | 16.1R7-S5 |
| juniper_networks | junos_os | >= 16.2 < 16.2R2-S11 | 16.2R2-S11 |
| juniper_networks | junos_os | >= 17.1 < 17.1R2-S11, 17.1R3-S1 | 17.1R2-S11, 17.1R3-S1 |
| juniper_networks | junos_os | >= 17.2 < 17.2R3-S2 | 17.2R3-S2 |
GHSA
GHSA-q7p8-h39r-cm7r: In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon
ghsa_unreviewed·2022-05-24
CVE-2020-1600 [MEDIUM] CWE-835 GHSA-q7p8-h39r-cm7r: In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon
In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1 versions prior
Juniper
CVE-2020-1600: In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon
vendor_juniper·2020-01-15·CVSS 6.5
CVE-2020-1600 [MEDIUM] CWE-400 CVE-2020-1600: In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon
CVE-2020-1600: In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an uncontrolled resource consumption vulnerability in the Routing Protocol Daemon (RPD) in Juniper Networks Junos OS allows a specific SNMP request to trigger an infinite loop causing a high CPU usage Denial of Service (DoS) condition. This issue affects both SNMP over IPv4 and IPv6. This issue affects: Juniper Networks Junos OS: 12.3X48 versions prior to 12.3X48-D90; 15.1 versions prior to 15.1R7-S6; 15.1X49 versions prior to 15.1X49-D200; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D592; 16.1 versions prior to 16.1R7-S5; 16.2 versions prior to 16.2R2-S11; 17.1 versions prior to 17.1R3-S1; 17.2 versions prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S7; 17.4 versions prior to 17.4R2-S4, 17.4R3; 18.1
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-13134 ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c
bugzilla·2019-07-02·CVSS 5.5
CVE-2019-13134 [MEDIUM] CVE-2019-13134 ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c
CVE-2019-13134 ImageMagick: a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadVIFFImage in coders/viff.c.
Upstream Issue:
https://github.com/ImageMagick/ImageMagick/issues/1600
Discussion:
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1726082]
---
Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99
---
ImageMagick6 commit:
https://github.com/ImageMagick/ImageMagick6/commit/210474b2fac6a661bfa7ed563213920e93e76395
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
---
This bug is now cl
Bugzilla
CVE-2019-13133 ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c
bugzilla·2019-07-02·CVSS 5.5
CVE-2019-13133 [MEDIUM] CVE-2019-13133 ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c
CVE-2019-13133 ImageMagick: a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c
ImageMagick before 7.0.8-50 has a memory leak vulnerability in the function ReadBMPImage in coders/bmp.c.
Upstream Issue:
https://github.com/ImageMagick/ImageMagick/issues/1600
Discussion:
Created ImageMagick tracking bugs for this issue:
Affects: fedora-all [bug 1726079]
---
Upstream patch:
https://github.com/ImageMagick/ImageMagick/commit/fe3066122ef72c82415811d25e9e3fad622c0a99
---
ImageMagick6 commit:
https://github.com/ImageMagick/ImageMagick6/commit/210474b2fac6a661bfa7ed563213920e93e76395
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:1180 https://access.redhat.com/errata/RHSA-2020:1180
---
This bug is now closed
2020-01-15
Published