CVE-2021-0230

Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series versions 17.1R3 through 17.3R3-S10 Juniper Networks Junos OS on SRX Series versions 17.4 through 17.4R3-S4 Juniper Networks Junos OS on SRX Series versions 18.2 through 18.2R3-S6 Juniper Networks Junos OS on SRX Series versions 18.3 through 18.3R3-S3 Juniper Networks Junos OS on SRX Series versions 18.4 through 18.4R2-S6 Juniper Networks Junos OS on SRX Series versions 18.4R3 through 18.4R3-S5 Juniper Networks Junos OS on SRX Series versions 19.1 through 19.1R3-S3 Juniper Networks Junos OS on SRX Series versions 19.2 through 19.2R1-S5 Juniper Networks Junos OS on SRX Series versions 19.3 through 19.3R2 Juniper Networks Junos OS on SRX Series versions 19.4 through 19.4R2 Juniper Networks Junos OS on SRX Series versions 20.1 through 20.1R1 Juniper Networks Junos OS on SRX Series versions 20.2 through 20.2R1 Juniper Networks Junos OS on SRX Series versions 20.3 through 20.3R0

Description: A slow kernel memory leak occurs on Juniper Networks SRX Series devices with link aggregation (lag) configured when executing operations that fetch Aggregated Ethernet (AE) interface statistics, including SNMP GET requests. This can lead to traffic impact and require a reboot if all available memory is consumed. An administrator can monitor memory consumption status using the CLI command show system virtual-memory no-forwarding | match ifstat.

Recommendations: For Juniper Networks Junos OS on SRX Series versions 17.1R3 through 17.3R3-S10, update to version 17.3R3-S11 or later. For Juniper Networks Junos OS on SRX Series versions 17.4 through 17.4R3-S4, update to version 17.4R3-S5 or later. For Juniper Networks Junos OS on SRX Series versions 18.2 through 18.2R3-S6, update to version 18.2R3-S7 or later. For Juniper Networks Junos OS on SRX Series versions 18.3 through 18.3R3-S3, update to version 18.3R3-S4 or later. For Juniper Networks Junos OS on SRX Series versions 18.4 through 18.4R2-S6, update to version 18.4R2-S7 or later. For Juniper Networks Junos OS on SRX Series versions 18.4R3 through 18.4R3-S5, update to version 18.4R3-S6 or later. For Juniper Networks Junos OS on SRX Series versions 19.1 through 19.1R3-S3, update to version 19.1R3-S4 or later. For Juniper Networks Junos OS on SRX Series versions 19.2 through 19.2R1-S5, update to version 19.2R1-S6 or later. For Juniper Networks Junos OS on SRX Series versions 19.3 through 19.3R2, update to version 19.3R3-S1 or later. For Juniper Networks Junos OS on SRX Series versions 19.4 through 19.4R2, update to version 19.4R3-S1 or later. For Juniper Networks Junos OS on SRX Series versions 20.1 through 20.1R1, update to version 20.1R2 or later. For Juniper Networks Junos OS on SRX Series versions 20.2 through 20.2R1, update to version 20.2R2-S2 or later. For Juniper Networks Junos OS on SRX Series versions 20.3 through 20.3R0, update to version 20.3R1-S2 or later.