PT-2017-1974 · Juniper Networks · Junos

Published 2017-04-24 · Updated 2019-10-03 · CVE-2017-2312

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Junos OS versions 13.3 prior to 13.3R10
Junos OS versions 14.1 prior to 14.1R8
Junos OS versions 14.2 prior to 14.2R7-S6 or 14.2R8
Junos OS versions 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5
Junos OS versions 15.1X49 before 15.1X49-D70
Junos OS versions 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70
Junos OS versions 16.1 before 16.1R2

Description

The issue is related to resource management in Junos OS when LDP (Label Distribution Protocol) is enabled. Repeatedly receiving specific LDP packets can exhaust the memory allocated to the rpd (routing protocol daemon) process, causing the process to crash and restart. Devices with either IPv4 or IPv6 LDP enabled via the "protocols ldp" configuration are affected. The interface on which the packet arrives must have LDP enabled.

Recommendations

For Junos OS versions 13.3 prior to 13.3R10, update to 13.3R10 or later.
For Junos OS versions 14.1 prior to 14.1R8, update to 14.1R8 or later.
For Junos OS versions 14.2 prior to 14.2R7-S6 or 14.2R8, update to 14.2R7-S6, 14.2R8, or later.
For Junos OS versions 15.1 prior to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5, update to 15.1F2-S14, 15.1F6-S4, 15.1F7, 15.1R4-S7, 15.1R5, or later.
For Junos OS versions 15.1X49 before 15.1X49-D70, update to 15.1X49-D70 or later.
For Junos OS versions 15.1X53 before 15.1X53-D230, 15.1X53-D63, 15.1X53-D70, update to 15.1X53-D230, 15.1X53-D63, 15.1X53-D70, or later.
For Junos OS versions 16.1 before 16.1R2, update to 16.1R2 or later.

As a temporary workaround, consider disabling LDP on interfaces where it is not necessary until a patch is available.
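
To scope the workaround, the following added example (not part of the original advisory and not Juniper tooling) lists the interfaces on which LDP is active, given the output of "show configuration | display set". The sample configuration, its interface and instance names, and the function name are constructed for illustration.

```python
import re

# Constructed sample of `show configuration | display set` output (not from a real device).
SAMPLE_CONFIG = """\
set protocols ldp interface ge-0/0/0.0
set protocols ldp interface ge-0/0/1.0 disable
set protocols ldp interface xe-1/0/0.0 hello-interval 5
set protocols ldp interface lo0.0
deactivate protocols ldp interface xe-1/0/0.0
set routing-instances CUST-A protocols ldp interface ge-0/0/2.0
set logical-systems LS1 protocols ldp interface all
set protocols ospf area 0.0.0.0 interface ge-0/0/3.0
"""

# Matches LDP statements in the main instance, routing instances and logical systems.
LINE_RE = re.compile(
    r"^(?P<verb>set|deactivate)\s+"
    r"(?P<scope>(?:(?:logical-systems|routing-instances)\s+\S+\s+)*)"
    r"protocols\s+ldp(?:\s+interface\s+(?P<ifname>\S+)(?P<rest>.*))?$"
)

def ldp_enabled_interfaces(config_text):
    """Return sorted (scope, interface) pairs on which LDP is active."""
    enabled, off, dead_scopes = set(), set(), set()
    for line in config_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        scope = " ".join(m.group("scope").split()) or "main"
        if m.group("ifname") is None:
            # `deactivate ... protocols ldp` switches off the whole LDP stanza.
            if m.group("verb") == "deactivate":
                dead_scopes.add(scope)
            continue
        key, tokens = (scope, m.group("ifname")), m.group("rest").split()
        if m.group("verb") == "deactivate":
            if not tokens:              # the interface itself is deactivated
                off.add(key)
        elif tokens[:1] == ["disable"]:  # `interface X disable`
            off.add(key)
        else:
            enabled.add(key)
    # Limitation: a deactivated parent routing instance or logical system is not tracked.
    return sorted(k for k in enabled - off if k[0] not in dead_scopes)

if __name__ == "__main__":
    for scope, ifname in ldp_enabled_interfaces(SAMPLE_CONFIG):
        print(f"LDP enabled: {ifname} ({scope})")
```

An entry of "all" means every interface in that scope runs LDP unless individually disabled, so it deserves the closest review.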

Fix

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

BDU:2017-01134
CVE-2017-2312

Affected Products

Junos