CVE-2020-1678

Junos OS and Junos OS Evolved: RPD can crash due to a slow memory leak.

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash. If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing. root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120 This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2; 20.1 versions prior to 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: 19.4 versions; 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO; 20.2 versions prior to 20.2R1-EVO; This issue does not affect: Juniper Networks Junos OS releases prior to 19.4R1. Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.

En las plataformas Juniper Networks Junos OS y Junos OS Evolved con EVPN configurado, la recepción de paquetes BGP específicos causa un filtrado de la memoria lento. Si se agota la memoria, el proceso rpd podría bloquearse. Si ocurre el problema, el filtrado de la memoria puede ser visualizado ejecutando el comando "show task memory detail | match policy | match evpn" varias veces para comprobar si la memoria (valor de Alloc Blocks) está aumentando. root@device) show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 3330678 79936272 3330678 79936272 root@device> show task memory detail | match policy | match evpn ------------------------ Allocator Memory Report ------------------------ Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes Policy EVPN Params 20 24 36620255 878886120 36620255 878886120. Este problema afecta a: Juniper Networks Junos OS versiones 19.4 anteriores a 19.4R2; versiones 20.1 anteriores a 20.1R1-S4, 20.1R2; Juniper Networks Junos OS Evolved: versiones 19.4; versiones 20.1 anteriores a 20.1R1-S4-EVO, 20.1R2-EVO; versiones 20.2 anteriores a 20.2R1-EVO; Este problema no afecta: Juniper Networks Junos OS versiones anteriores a 19.4R1. Juniper Networks Junos OS Evolved versiones anteriores a 19.4R1-EVO

*Credits: N/A

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Adjacent

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2019-11-04 CVE Reserved
2020-10-16 CVE Published
2023-07-02 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-400: Uncontrolled Resource Consumption
CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://kb.juniper.net/JSA11075	2021-10-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				19.4 Search vendor "Juniper" for product "Junos" and version "19.4"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				19.4 Search vendor "Juniper" for product "Junos" and version "19.4"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				19.4 Search vendor "Juniper" for product "Junos" and version "19.4"		r1-s2		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.1 Search vendor "Juniper" for product "Junos" and version "20.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.1 Search vendor "Juniper" for product "Junos" and version "20.1"		r1-s1		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.1 Search vendor "Juniper" for product "Junos" and version "20.1"		r1-s2		Affected
Juniper Search vendor "Juniper"		Junos Search vendor "Juniper" for product "Junos"				20.1 Search vendor "Juniper" for product "Junos" and version "20.1"		r1-s3		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				19.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "19.4"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				19.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "19.4"		r2		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				19.4 Search vendor "Juniper" for product "Junos Os Evolved" and version "19.4"		r2-s1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.1"		-		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.1 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.1"		r1		Affected
Juniper Search vendor "Juniper"		Junos Os Evolved Search vendor "Juniper" for product "Junos Os Evolved"				20.2 Search vendor "Juniper" for product "Junos Os Evolved" and version "20.2"		-		Affected