When upgrading from a Junos OS version prior to 19.4R1 to Junos OS 19.4R1 or higher, a memory leak may occur after the upgrade. This issue can be mitigated by upgrading to a supported Junos version. For information on which versions of Junos OS are supported, see Recommended Upgrade Paths.

This issue can be exploited remotely. Remote attackers can exploit it via a compromised VXLAN interface, consuming a large amount of CPU resources on the device. Local attackers can also exploit it, consuming a large amount of CPU resources on the device. On exhaustion of the heap memory, the PFE on the device may crash, resulting in a Denial of Service (DoS).

An unauthenticated remote attacker can cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and, on exhaustion, the PFE to reset.

The heap memory utilization can be monitored with the command:

    user@host> show chassis fpc

This issue affects Juniper Networks Junos OS: 19.4 versions prior to 19.4R2-S6, 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3
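One way to turn the `show chassis fpc` check above into a trend alert, as an added example that is not part of the original advisory: it parses successive outputs of the command and flags any FPC whose heap utilization only ever grows. The sample output is constructed, and the column layout (Heap and Buffer as the last two numeric fields of an Online row), the thresholds and the function names are assumptions.

```python
import re

# Constructed sample data, not captured from a real device.
# Assumption: in `show chassis fpc` output, an Online slot's last two numeric
# fields are Heap and Buffer utilization in percent.
HEADER = (
    "                     Temp  CPU Utilization (%)   Memory    Utilization (%)\n"
    "Slot State            (C)  Total  Interrupt      DRAM (MB) Heap     Buffer\n"
)
ROW_FMT = "  {slot}  Online            41     12          0      2048       {heap}         25\n"

def sample(heap0, heap1):
    """Build one constructed snapshot with two Online slots and one Empty slot."""
    return (HEADER + ROW_FMT.format(slot=0, heap=heap0)
            + ROW_FMT.format(slot=1, heap=heap1) + "  2  Empty\n")

# Three polling intervals: slot 0 climbs steadily, slot 1 fluctuates normally.
SNAPSHOTS = [sample(23, 24), sample(41, 23), sample(67, 25)]

ONLINE_ROW = re.compile(r"^\s*(\d+)\s+Online\s+(.*)$")

def parse_heap(output):
    """Return {slot: heap_percent} for every Online FPC in one snapshot."""
    heap = {}
    for line in output.splitlines():
        match = ONLINE_ROW.match(line)
        if not match:
            continue  # header lines and Empty/Offline slots carry no heap value
        fields = match.group(2).split()
        if len(fields) >= 2 and fields[-2].isdigit():
            heap[int(match.group(1))] = int(fields[-2])
    return heap

def leaking_slots(snapshots, min_growth=10, ceiling=80):
    """Flag slots whose heap never drops and grew by min_growth points, or sits at/above ceiling."""
    series = {}
    for snap in snapshots:
        for slot, pct in parse_heap(snap).items():
            series.setdefault(slot, []).append(pct)
    flagged = {}
    for slot, vals in series.items():
        never_drops = all(b >= a for a, b in zip(vals, vals[1:]))
        grew = len(vals) > 1 and never_drops and vals[-1] - vals[0] >= min_growth
        if grew or vals[-1] >= ceiling:
            flagged[slot] = vals
    return flagged

if __name__ == "__main__":
    for slot, vals in leaking_slots(SNAPSHOTS).items():
        print(f"FPC {slot}: heap utilization {vals}, investigate a possible leak")
```

A slot that is flagged for steady growth while carrying VXLAN traffic on an affected release is a candidate for the upgrade described above before the heap is exhausted.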

References: https://kb.juniper.net/InfoCenter/index?page=content&id=KB201928

Timeline

Published on: 01/19/2022 01:15:00 UTC
Last modified on: 01/26/2022 18:17:00 UTC
