CVE Vulnerabilities

CVE-2021-0226

Improper Initialization

Published: Apr 22, 2021 | Modified: Oct 07, 2021
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

On Juniper Networks Junos OS Evolved devices, receipt of a specific IPv6 packet may cause an established IPv6 BGP session to terminate, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue does not affect IPv4 BGP sessions. This issue affects IBGP or EBGP peer sessions with IPv6. This issue affects: Juniper Networks Junos OS Evolved: 19.4 versions prior to 19.4R2-S3-EVO; 20.1 versions prior to 20.1R2-S3-EVO; 20.2 versions prior to 20.2R2-S1-EVO; 20.3 versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS releases.

Weakness

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

Affected Software

Name Vendor Start Version End Version
Junos_os_evolved Juniper 20.1-r1 (including) 20.1-r1 (including)
Junos_os_evolved Juniper 20.1-r1-s1 (including) 20.1-r1-s1 (including)
Junos_os_evolved Juniper 20.1-r2 (including) 20.1-r2 (including)
Junos_os_evolved Juniper 20.1-r2-s1 (including) 20.1-r2-s1 (including)
Junos_os_evolved Juniper 20.1-r2-s2 (including) 20.1-r2-s2 (including)
Junos_os_evolved Juniper 20.2-r1 (including) 20.2-r1 (including)
Junos_os_evolved Juniper 20.2-r1-s1 (including) 20.2-r1-s1 (including)
Junos_os_evolved Juniper 20.2-r2 (including) 20.2-r2 (including)
Junos_os_evolved Juniper 20.3-r1 (including) 20.3-r1 (including)
Junos_os_evolved Juniper 20.3-r1-s1 (including) 20.3-r1-s1 (including)

Potential Mitigations

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable’s type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed.

References