CVE-2020-1678

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-1678
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.

6.5 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

2.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 5.5 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
https://kb.juniper.net/JSA11075 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:juniper:junos:19.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:19.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:19.4:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.1:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.1:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:20.1:r1-s3:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:20.1:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:20.2:-:*:*:*:*:*:*
History

25 Oct 2021, 15:20

Type Values Removed Values Added
CPE cpe:2.3:o:juniper:junos_evolved:19.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_evolved:20.1:r1:*:*:*:*:*:*		 cpe:2.3:o:juniper:junos_os_evolved:20.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.4:r1:*:*:*:*:*:*

23 Oct 2021, 13:20

Type Values Removed Values Added
CPE cpe:2.3:o:juniper:junos_evolved:19.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_evolved:20.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_evolved:19.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_evolved:20.1:-:*:*:*:*:*:*		 cpe:2.3:o:juniper:junos_os_evolved:20.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:20.1:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:19.4:r2:*:*:*:*:*:*

19 Oct 2021, 12:05

Type Values Removed Values Added
CWE CWE-772 CWE-401
Information

Published : 2020-10-16 21:15

Updated : 2023-12-10 13:41

NVD link : CVE-2020-1678

Mitre link : CVE-2020-1678

CVE.ORG link : CVE-2020-1678

JSON object : View

Products Affected

juniper

  • junos_os_evolved
  • junos
CWE
CWE-401

Missing Release of Memory after Effective Lifetime

CWE-400

Uncontrolled Resource Consumption