PT-2017-1972 · Juniper Networks · Junos

Published 2017-04-24 · Updated 2019-10-03 · CVE-2017-2315

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
Junos OS versions 12.3 prior to 12.3R12-S4, 12.3R13
Junos OS versions 13.3 prior to 13.3R10
Junos OS versions 14.1 prior to 14.1R8-S3, 14.1R9
Junos OS versions 14.1X53 prior to 14.1X53-D12, 14.1X53-D40
Junos OS versions 14.1X55 prior to 14.1X55-D35
Junos OS versions 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8
Junos OS versions 15.1 prior to 15.1R5
Junos OS versions 16.1 before 16.1R3
Junos OS versions 16.2 before 16.2R1-S3, 16.2R2

Description
A vulnerability in IPv6 processing has been discovered that may allow a specially crafted IPv6 Neighbor Discovery (ND) packet to cause a slow memory leak. A malicious network-based packet flood of these crafted IPv6 NDP packets may eventually lead to resource exhaustion and a denial of service.

Recommendations
For Junos OS versions 12.3 prior to 12.3R12-S4, 12.3R13, update to version 12.3R12-S4 or later.
For Junos OS versions 13.3 prior to 13.3R10, update to version 13.3R10 or later.
For Junos OS versions 14.1 prior to 14.1R8-S3, 14.1R9, update to version 14.1R8-S3 or later.
For Junos OS versions 14.1X53 prior to 14.1X53-D12, 14.1X53-D40, update to version 14.1X53-D12 or later.
For Junos OS versions 14.1X55 prior to 14.1X55-D35, update to version 14.1X55-D35 or later.
For Junos OS versions 14.2 prior to 14.2R6-S4, 14.2R7-S6, 14.2R8, update to version 14.2R6-S4 or later.
For Junos OS versions 15.1 prior to 15.1R5, update to version 15.1R5 or later.
For Junos OS versions 16.1 before 16.1R3, update to version 16.1R3 or later.
For Junos OS versions 16.2 before 16.2R1-S3, 16.2R2, update to version 16.2R1-S3 or later.

As a temporary workaround, consider restricting the receipt of IPv6 NDP packets to minimize the risk of exploitation.

Fix

DoS

Resource Exhaustion

Missing Release of Resource after Effective Lifetime


Weakness Enumeration

Related identifiers

BDU:2017-01132
CVE-2017-2315

Affected products

Junos