CVE-2020-1625

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 16.1R7-S6 Juniper Networks Junos OS versions prior to 17.1R2-S11, 17.1R3-S1 Juniper Networks Junos OS versions prior to 17.2R2-S8, 17.2R3-S3 Juniper Networks Junos OS versions prior to 17.2X75-D44 Juniper Networks Junos OS versions prior to 17.3R2-S5, 17.3R3-S6 Juniper Networks Junos OS versions prior to 17.4R2-S5, 17.4R3 Juniper Networks Junos OS versions prior to 18.1R3-S7 Juniper Networks Junos OS versions prior to 18.2R2-S5, 18.2R3 Juniper Networks Junos OS versions prior to 18.2X75-D33, 18.2X75-D411, 18.2X75-D420, 18.2X75-D60 Juniper Networks Junos OS versions prior to 18.3R1-S5, 18.3R2-S3, 18.3R3 Juniper Networks Junos OS versions prior to 18.4R2-S2, 18.4R3 Juniper Networks Junos OS versions prior to 19.1R1-S3, 19.1R2 Juniper Networks Junos OS versions prior to 19.2R1-S3, 19.2R2

Description: The issue is related to a memory leak in the kernel of Juniper Networks Junos OS. When Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces and one interface flaps, the kernel memory usage represented as "temp" may constantly increase. This can affect running daemons, leading to an extended Denial of Service (DoS) condition. The usage of "temp" virtual memory can be monitored by executing the 'show system virtual-memory' command.

Recommendations: Update to a version of Juniper Networks Junos OS that is not affected by this issue, such as 16.1R7-S6 or later, 17.1R2-S11 or later, 17.1R3-S1 or later, 17.2R2-S8 or later, 17.2R3-S3 or later, 17.2X75-D44 or later, 17.3R2-S5 or later, 17.3R3-S6 or later, 17.4R2-S5 or later, 17.4R3 or later, 18.1R3-S7 or later, 18.2R2-S5 or later, 18.2R3 or later, 18.2X75-D33 or later, 18.2X75-D411 or later, 18.2X75-D420 or later, 18.2X75-D60 or later, 18.3R1-S5 or later, 18.3R2-S3 or later, 18.3R3 or later, 18.4R2-S2 or later, 18.4R3 or later, 19.1R1-S3 or later, 19.1R2 or later, 19.2R1-S3 or later, 19.2R2 or later. As a temporary workaround, consider monitoring the "temp" virtual memory usage by executing the 'show system virtual-memory' command to detect potential memory leaks.