CVE-2018-0027

Summary

Receipt of a crafted or malformed RSVP PATH message may cause the routing protocol daemon (RPD) to hang or crash. When RPD is unavailable, routing updates cannot be processed which can lead to an extended network outage. If RSVP is not enabled on an interface, then the issue cannot be triggered via that interface. This issue only affects Juniper Networks Junos OS 16.1 versions prior to 16.1R3. This issue does not affect Junos releases prior to 16.1R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS16.1 < 16.1R3affected
Juniper NetworksJunos OSall < 16.1R1unaffected

Weaknesses

  • denial of service

Workarounds

Only enable RSVP on specific trusted interfaces as required for MPLS.

ADP Enrichment

CVE Program Container

Additional References

References