CVE-2023-28964 — Improper Handling of Length Parameter Inconsistency in Networks Junos OS

CWE-130 — Improper Handling of Length Parameter Inconsistency4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 42.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedApr 17

Latest updateApr 18

Description

An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network based, unauthenticated attacker to cause an RPD crash leading to a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Upon receipt of a malformed BGP flowspec update, RPD will crash resulting in a Denial of Service. This issue affects Juniper Net…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.1R3-EVO+2

▶CVEListV5juniper_networks/junos_osunspecified — 18.1R3-S11+10

▶NVDjuniper/junos_os_evolved< 20.1+3

▶NVDjuniper/junos< 18.1+11

🔴Vulnerability Details

GHSA

GHSA-jwqv-5v5p-9h8m: An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Ev↗2023-04-18

▶

CVEList

Junos OS and Junos OS Evolved: Malformed BGP flowspec update causes RPD crash↗2023-04-17

▶

📋Vendor Advisories

Juniper

CVE-2023-28964: An Improper Handling of Length Parameter Inconsistency vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Ev↗2023-04-17

▶