PT-2019-1145 · Juniper Networks · Junos

Published: 2019-01-09 · Updated: 2020-08-24 · CVE-2019-0010

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
- Junos OS on SRX Series versions prior to 12.1X46-D81
- Junos OS on SRX Series versions prior to 12.3X48-D77
- Junos OS on SRX Series versions prior to 15.1X49-D101
- Junos OS on SRX Series versions prior to 15.1X49-D110

Description: The issue is caused by insufficient input validation in Junos OS and can be exploited by a remote attacker using specially crafted HTTP traffic. This can cause a system crash with an "mbuf exceed" error message, indicating memory buffer exhaustion. The problem occurs when HTTP AV inspection is configured; devices set up for Web Filtering alone are not affected. The system crash can be preceded by log messages indicating an mbuf stall, such as "SPU3 jmpi mbuf stall 50%".

Recommendations: For Junos OS on SRX Series versions prior to 12.1X46-D81, update to version 12.1X46-D81 or later. For Junos OS on SRX Series versions prior to 12.3X48-D77, update to version 12.3X48-D77 or later. For Junos OS on SRX Series versions prior to 15.1X49-D101, update to version 15.1X49-D101 or later. For Junos OS on SRX Series versions prior to 15.1X49-D110, update to version 15.1X49-D110 or later. As a temporary workaround, consider disabling HTTP AV inspection until a patch is available.
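
The description names two log strings worth alerting on: the "mbuf stall" precursor and the "mbuf exceed" crash message. The following is an added example, not part of the original advisory or Juniper tooling, that scans syslog lines for both. The regular expression is generalised from the single quoted message (assuming the SPU number and percentage vary), and the sample lines, host name and `warn_pct` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Generalised from the one message quoted in the description,
# "SPU3 jmpi mbuf stall 50%"; varying SPU number and percentage is an assumption.
STALL_RE = re.compile(r"\bSPU(\d+) jmpi mbuf stall (\d+)%")
EXCEED_RE = re.compile(r"mbuf exceed", re.IGNORECASE)

# Constructed sample lines; timestamps, host name and line layout are illustrative.
SAMPLE_LOG = """\
Jan  9 10:01:12 srx-lab SPU3 jmpi mbuf stall 50%
Jan  9 10:01:40 srx-lab SPU3 jmpi mbuf stall 70%
Jan  9 10:01:41 srx-lab SPU1 jmpi mbuf stall 50%
Jan  9 10:02:05 srx-lab kernel: unrelated message
Jan  9 10:02:30 srx-lab mbuf exceed
"""

def scan(lines, warn_pct=50):
    """Return (peak stall % per SPU at or above warn_pct,
    1-based line numbers that contain 'mbuf exceed').
    warn_pct is a hypothetical alerting threshold, not a vendor value."""
    peaks = defaultdict(int)
    exceed_lines = []
    for n, line in enumerate(lines, 1):
        m = STALL_RE.search(line)
        if m:
            spu, pct = int(m.group(1)), int(m.group(2))
            if pct >= warn_pct:
                peaks[spu] = max(peaks[spu], pct)
        elif EXCEED_RE.search(line):
            exceed_lines.append(n)
    return dict(peaks), exceed_lines

def report(lines):
    """Build human-readable alert rows, stall precursors first."""
    peaks, exceeded = scan(lines)
    out = [f"SPU{spu}: mbuf stall peaked at {pct}%"
           for spu, pct in sorted(peaks.items())]
    out += [f"line {n}: mbuf exceed (crash indicator)" for n in exceeded]
    return out

if __name__ == "__main__":
    for row in report(SAMPLE_LOG.splitlines()):
        print(row)
```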

Fix

Allocation of Resources Without Limits

RCE

Weakness Enumeration

Related Identifiers

BDU:2019-00189
CVE-2019-0010

Affected Products

Junos