Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10,...

Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before 12.1R8-S2, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, 12.2 before 12.2R7, 12.3 before 12.3R4-S2, 13.1 before 13.1R3-S1, 13.2 before 13.2R2, and 13.3 before 13.3R1 allows remote attackers to cause a denial of service (rdp crash) via a large BGP UPDATE message which immediately triggers a withdraw message to be sent, as demonstrated by a long AS_PATH and a large number of BGP Communities.

References

Published by the National Vulnerability Database Jan 15, 2014

Published to the GitHub Advisory Database May 17, 2022

Last updated Jan 28, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Package

Affected versions

Patched versions

Description

References

Severity

EPSS score

Exploit Prediction Scoring System (EPSS)

Weaknesses

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVE ID

GHSA ID

Source code

Uh oh!