CVE-2020-1671
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; This issue does not affect Juniper Networks Junos OS prior to 17.4R1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | unspecified < 17.4R1 | unaffected |
| Juniper Networks | Junos OS | 17.4 < 17.4R2-S12, 17.4R3-S3 | affected |
| Juniper Networks | Junos OS | 18.1 < 18.1R3-S11 | affected |
| Juniper Networks | Junos OS | 18.2 < 18.2R3-S6 | affected |
| Juniper Networks | Junos OS | 18.2X75 < 18.2X75-D65 | affected |
| Juniper Networks | Junos OS | 18.3 < 18.3R2-S4, 18.3R3-S3 | affected |
| Juniper Networks | Junos OS | 18.4 < 18.4R2-S5, 18.4R3-S4 | affected |
| Juniper Networks | Junos OS | 19.1 < 19.1R3-S2 | affected |
| Juniper Networks | Junos OS | 19.2 < 19.2R1-S5, 19.2R3 | affected |
| Juniper Networks | Junos OS | 19.3 < 19.3R2-S4, 19.3R3 | affected |
| Juniper Networks | Junos OS | 19.4 < 19.4R1-S3, 19.4R2-S2, 19.4R3 | affected |
| Juniper Networks | Junos OS | 20.1 < 20.1R1-S3, 20.1R2 | affected |
Weaknesses
- CWE-119: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE-125: CWE-125 Out-of-bounds Read
Workarounds
There are no viable workarounds for this issue.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.