CVE-2019-0037

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 15.1F6-S12 Junos OS versions prior to 15.1R7-S3 Junos OS versions prior to 15.1X49-D171 Junos OS versions prior to 15.1X49-D180 Junos OS versions prior to 15.1X53-D236 Junos OS versions prior to 15.1X53-D496 Junos OS versions prior to 16.1R3-S10 Junos OS versions prior to 16.1R7-S4 Junos OS versions prior to 16.2R2-S8 Junos OS versions prior to 17.1R2-S10 Junos OS versions prior to 17.1R3 Junos OS versions prior to 17.2R1-S8 Junos OS versions prior to 17.2R3-S1 Junos OS versions prior to 17.3R3-S3 Junos OS versions prior to 17.4R1-S6 Junos OS versions prior to 17.4R2-S3 Junos OS versions prior to 18.1R2-S4 Junos OS versions prior to 18.1R3-S2 Junos OS versions prior to 18.2R2 Junos OS versions prior to 18.2X75-D30 Junos OS versions prior to 18.3R1-S2

Description In a Dynamic Host Configuration Protocol version 6 (DHCPv6) environment, the jdhcpd daemon may crash and restart upon receipt of certain DHCPv6 solicit messages received from a DHCPv6 client. By continuously sending the same crafted packet, an attacker can repeatedly crash the jdhcpd process causing a sustained Denial of Service (DoS) to both IPv4 and IPv6 clients. The issue exists due to insufficient input validation in the DHCPv6 protocol implementation.

Recommendations For Junos OS versions prior to 15.1F6-S12, update to 15.1F6-S12 or later. For Junos OS versions prior to 15.1R7-S3, update to 15.1R7-S3 or later. For Junos OS versions prior to 15.1X49-D171, update to 15.1X49-D171 or later. For Junos OS versions prior to 15.1X49-D180, update to 15.1X49-D180 or later. For Junos OS versions prior to 15.1X53-D236, update to 15.1X53-D236 or later. For Junos OS versions prior to 15.1X53-D496, update to 15.1X53-D496 or later. For Junos OS versions prior to 16.1R3-S10, update to 16.1R3-S10 or later. For Junos OS versions prior to 16.1R7-S4, update to 16.1R7-S4 or later. For Junos OS versions prior to 16.2R2-S8, update to 16.2R2-S8 or later. For Junos OS versions prior to 17.1R2-S10, update to 17.1R2-S10 or later. For Junos OS versions prior to 17.1R3, update to 17.1R3 or later. For Junos OS versions prior to 17.2R1-S8, update to 17.2R1-S8 or later. For Junos OS versions prior to 17.2R3-S1, update to 17.2R3-S1 or later. For Junos OS versions prior to 17.3R3-S3, update to 17.3R3-S3 or later. For Junos OS versions prior to 17.4R1-S6, update to 17.4R1-S6 or later. For Junos OS versions prior to 17.4R2-S3, update to 17.4R2-S3 or later. For Junos OS versions prior to 18.1R2-S4, update to 18.1R2-S4 or later. For Junos OS versions prior to 18.1R3-S2, update to 18.1R3-S2 or later. For Junos OS versions prior to 18.2R2, update to 18.2R2 or later. For Junos OS versions prior to 18.2X75-D30, update to 18.2X75-D30 or later. For Junos OS versions prior to 18.3R1-S2, update to 18.3R1-S2 or later.