An unexpected status return value weakness in the Next-Generation Multicast VPN (NG-mVPN) service of Juniper Networks Junos OS allows attacker to cause a Denial of Service (DoS) condition and core the routing protocol daemon (rpd) process when a specific malformed IPv4 packet is received by the device running BGP. This malformed packet can be crafted and sent to a victim device including when forwarded directly through a device receiving such a malformed packet, but not if the malformed packet is first de-encapsulated from an encapsulated format by a receiving device. Continued receipt of the malformed packet will result in a sustained Denial of Service condition. This issue affects: Juniper Networks Junos OS 15.1 versions prior to 15.1F6-S12, 15.1R7-S2; 15.1X49 versions prior to 15.1X49-D150 on SRX Series; 15.1X53 versions prior to 15.1X53-D68, 15.1X53-D235, 15.1X53-D495, 15.1X53-D590; 16.1 versions prior to 16.1R3-S10, 16.1R4-S12, 16.1R6-S6, 16.1R7-S2; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S9, 17.1R3; 17.2 versions prior to 17.2R1-S7, 17.2R2-S6, 17.2R3; 17.3 versions prior to 17.3R2-S4, 17.3R3.
The product does not properly check when a function or operation returns a value that is legitimate for the function, but is not expected by the product.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Junos | Juniper | 15.1-a1 (including) | 15.1-a1 (including) |
| Junos | Juniper | 15.1-f1 (including) | 15.1-f1 (including) |
| Junos | Juniper | 15.1-f2 (including) | 15.1-f2 (including) |
| Junos | Juniper | 15.1-f2-s1 (including) | 15.1-f2-s1 (including) |
| Junos | Juniper | 15.1-f2-s2 (including) | 15.1-f2-s2 (including) |
| Junos | Juniper | 15.1-f2-s3 (including) | 15.1-f2-s3 (including) |
| Junos | Juniper | 15.1-f2-s4 (including) | 15.1-f2-s4 (including) |
| Junos | Juniper | 15.1-f3 (including) | 15.1-f3 (including) |
| Junos | Juniper | 15.1-f4 (including) | 15.1-f4 (including) |
| Junos | Juniper | 15.1-f5 (including) | 15.1-f5 (including) |
| Junos | Juniper | 15.1-f6 (including) | 15.1-f6 (including) |
| Junos | Juniper | 15.1-f6-s3 (including) | 15.1-f6-s3 (including) |
| Junos | Juniper | 15.1-r1 (including) | 15.1-r1 (including) |
| Junos | Juniper | 15.1-r2 (including) | 15.1-r2 (including) |
| Junos | Juniper | 15.1-r3 (including) | 15.1-r3 (including) |
| Junos | Juniper | 15.1-r4 (including) | 15.1-r4 (including) |
| Junos | Juniper | 15.1-r4-s9 (including) | 15.1-r4-s9 (including) |
| Junos | Juniper | 15.1-r5 (including) | 15.1-r5 (including) |
| Junos | Juniper | 15.1-r6 (including) | 15.1-r6 (including) |
| Junos | Juniper | 15.1-r6-s6 (including) | 15.1-r6-s6 (including) |
| Junos | Juniper | 15.1-r7-s1 (including) | 15.1-r7-s1 (including) |