CVE-2020-1651Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-19CWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 76.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 17
Latest updateMay 24

Description

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. By continuously sending this stream of specific layer 2 frame, an attacker connected to the same broadcast domain can repeatedly crash the PFE, causing a prolonged Denial of Service (DoS). This issue affects Juniper Networks Junos OS on MX Series: 17.2 versions prior to 17.2R3-S4;

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os17.217.2R3-S4+4
NVDjuniper/junos5 versions+4

🔴Vulnerability Details

2
GHSA
GHSA-x7q7-3cr3-m2q3: On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE)2022-05-24
CVEList
Junos OS: MX Series: PFE on the line card may crash due to memory leak.2020-07-17

📋Vendor Advisories

1
Juniper
CVE-2020-1651: On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE)2020-07-17
CVE-2020-1651 — Juniper Networks Junos OS vulnerability | cvebase