CVE-2020-1653

Name of the Vulnerable Software and Affected Versions: Junos OS versions 17.4R1 through 17.4R2-S11 Junos OS versions 17.4R3 through 17.4R3-S2 Junos OS versions 18.1 through 18.1R3-S10 Junos OS versions 18.2 through 18.2R2-S7 Junos OS versions 18.2R3 through 18.2R3-S5 Junos OS versions 18.2X75 through 18.2X75-D41 Junos OS versions 18.2X75-D420 through 18.2X75-D420.12 Junos OS versions 18.2X75-D51 through 18.2X75-D51 Junos OS versions 18.2X75-D60 through 18.2X75-D60 Junos OS versions 18.2X75-D34 through 18.2X75-D34 Junos OS versions 18.3 through 18.3R2-S4 Junos OS versions 18.3R3 through 18.3R3-S2 Junos OS versions 18.4 through 18.4R1-S7 Junos OS versions 18.4R2 through 18.4R2-S4 Junos OS versions 18.4R3 through 18.4R3-S1 Junos OS versions 19.1 through 19.1R1-S5 Junos OS versions 19.1R2 through 19.1R2-S1 Junos OS versions 19.1R3 through 19.1R3 Junos OS versions 19.2 through 19.2R1-S5 Junos OS versions 19.2R2 through 19.2R2 Junos OS versions 19.3 through 19.3R2-S3 Junos OS versions 19.3R3 through 19.3R3 Junos OS versions 19.4 through 19.4R1-S2 Junos OS versions 19.4R2 through 19.4R2

Description: The issue is related to a buffer overflow in the Routing Engine (RE) of Junos OS, which can be exploited by sending a stream of TCP packets to the RE, causing an mbuf leak. This can lead to a Flexible PIC Concentrator (FPC) crash or a system crash and restart. The issue affects Junos OS releases starting from 17.4R1 and is caused by TCP packets. The number of mbufs is platform-dependent, and the device may become inaccessible once it runs out of mbufs.

Recommendations: For Junos OS versions 17.4R1 through 17.4R2-S11, update to version 17.4R2-S11 or later. For Junos OS versions 17.4R3 through 17.4R3-S2, update to version 17.4R3-S2 or later. For Junos OS versions 18.1 through 18.1R3-S10, update to version 18.1R3-S10 or later. For Junos OS versions 18.2 through 18.2R2-S7, update to version 18.2R2-S7 or later. For Junos OS versions 18.2R3 through 18.2R3-S5, update to version 18.2R3-S5 or later. For Junos OS versions 18.2X75 through 18.2X75-D41, update to version 18.2X75-D41 or later. For Junos OS versions 18.2X75-D420 through 18.2X75-D420.12, update to version 18.2X75-D420.12 or later. For Junos OS versions 18.2X75-D51 through 18.2X75-D51, update to version 18.2X75-D51 or later. For Junos OS versions 18.2X75-D60 through 18.2X75-D60, update to version 18.2X75-D60 or later. For Junos OS versions 18.2X75-D34 through 18.2X75-D34, update to version 18.2X75-D34 or later. For Junos OS versions 18.3 through 18.3R2-S4, update to version 18.3R2-S4 or later. For Junos OS versions 18.3R3 through 18.3R3-S2, update to version 18.3R3-S2 or later. For Junos OS versions 18.4 through 18.4R1-S7, update to version 18.4R1-S7 or later. For Junos OS versions 18.4R2 through 18.4R2-S4, update to version 18.4R2-S4 or later. For Junos OS versions 18.4R3 through 18.4R3-S1, update to version 18.4R3-S1 or later. For Junos OS versions 19.1 through 19.1R1-S5, update to version 19.1R1-S5 or later. For Junos OS versions 19.1R2 through 19.1R2-S1, update to version 19.1R2-S1 or later. For Junos OS versions 19.1R3 through 19.1R3, update to version 19.1R3 or later. For Junos OS versions 19.2 through 19.2R1-S5, update to version 19.2R1-S5 or later. For Junos OS versions 19.2R2 through 19.2R2, update to version 19.2R2 or later. For Junos OS versions 19.3 through 19.3R2-S3, update to version 19.3R2-S3 or later. For Junos OS versions 19.3R3 through 19.3R3, update to version 19.3R3 or later. For Junos OS versions 19.4 through 19.4R1-S2, update to version 19.4R1-S2 or later. For Junos OS versions 19.4R2 through 19.4R2, update to version 19.4R2 or later.