Memory leak in Juniper Junos OS - CVE-2018-0022
Published: April 17, 2018
Vulnerability identifier: #VU11849
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-0022
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS
Juniper Junos OS
Detailed vulnerability description
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The weakness exists due to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number of mbufs that are currently in use and maximum number of mbufs that can be allocated on a platform:
The weakness exists due to an mbuf leak when processing a specific MPLS packet. Approximately 1 mbuf is leaked per each packet processed. The number of mbufs is platform dependent. The following command provides the number of mbufs that are currently in use and maximum number of mbufs that can be allocated on a platform:
> show system buffers
2437/3143/5580 mbufs in use (current/cache/total)
Once the device runs out of mbufs a remote attacker can cause the service to crash.How to mitigate CVE-2018-0022
Update to versions 12.1X46-D76, 12.3X48-D66, 12.3X48-D70, 14.1R9, 14.1X53-D47, 14.2R8, 15.1F2-S19, 15.1F6-S10, 15.1R4-S9, 15.1R5-S7, 15.1R6-S4, 15.1R7, 15.1X49-D131, 15.1X49-D140, 15.1X53-D233, 15.1X53-D471, 15.1X53-D58, 15.1X53-D66, 16.1R3-S8, 16.1R4-S6, 16.1R5, 16.2R1-S6, 16.2R2-S5, 16.2R3, 17.1R1-S7, 17.1R2-S6, 17.1R3, 17.2R1-S5, 17.2R2, 17.3R1 or later.