CVE-2020-1678Uncontrolled Resource Consumption in Networks Junos OS

CWE-400Uncontrolled Resource ConsumptionCWE-401Missing Release of Memory after Effective LifetimeCWE-772Missing Release of Resource after Effective Lifetime4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 76.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Juniper Networks Junos OSJuniper Networks Junos OS EvolvedJuniper Junos+1 more
Timeline
PublishedOct 16
Latest updateMay 24

Description

On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Mem

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5juniper_networks/junos_os_evolved20.1-EVO20.1R1-S4-EVO, 20.1R2-EVO+1
CVEListV5juniper_networks/junos_os19.419.4R2+1
NVDjuniper/junos_os_evolved19.4, 20.1, 20.2+2
NVDjuniper/junos19.4, 20.1+1

🔴Vulnerability Details

2
GHSA
GHSA-4w73-g2f7-3g9h: On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak2022-05-24
CVEList
Junos OS and Junos OS Evolved: RPD can crash due to a slow memory leak.2020-10-16

📋Vendor Advisories

1
Juniper
CVE-2020-1678: On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the me2020-10-16
CVE-2020-1678 — Uncontrolled Resource Consumption | cvebase