CVE Vulnerabilities

CVE-2021-0257

Uncontrolled Resource Consumption

Published: Apr 22, 2021 | Modified: Nov 21, 2024
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
3.3 LOW
AV:A/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

On Juniper Networks MX Series and EX9200 Series platforms with Trio-based MPCs (Modular Port Concentrators) where Integrated Routing and Bridging (IRB) interfaces are configured and mapped to a VPLS instance or a Bridge-Domain, certain Layer 2 network events at Customer Edge (CE) devices may cause memory leaks in the MPC of Provider Edge (PE) devices which can cause an out of memory condition and MPC restart. When this issue occurs, there will be temporary traffic interruption until the MPC is restored. An administrator can use the following CLI command to monitor the status of memory usage level of the MPC: user@device> show system resource-monitor fpc FPC Resource Usage Summary Free Heap Mem Watermark : 20 % Free NH Mem Watermark : 20 % Free Filter Mem Watermark : 20 % * - Watermark reached Slot # % Heap Free RTT Average RTT 1 87 PFE # % ENCAP mem Free % NH mem Free % FW mem Free 0 NA 88 99 1 NA 89 99 When the issue is occurring, the value of “% NH mem Free” will go down until the MPC restarts. This issue affects MX Series and EX9200 Series with Trio-based PFEs (Packet Forwarding Engines), including MX-MPC1-3D, MX-MPC1E-3D, MX-MPC2-3D, MX-MPC2E-3D, MPC-3D-16XGE, and CHAS-MXxx Series MPCs. No other products or platforms are affected by this issue. This issue affects Juniper Networks Junos OS on MX Series, EX9200 Series: 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R3-S3; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S6; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R3-S1; 19.4 versions prior to 19.4R2-S2, 19.4R3; 20.2 versions prior to 20.2R1-S3, 20.2R2; 20.3 versions prior to 20.3R1-S1,, 20.3R2. This issue does not affect Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S8; 17.4 versions prior to 17.4R3-S2; 18.1; 18.2 versions prior to 18.2R3-S4; 18.3 versions prior to 18.3R3-S2; 18.4 versions prior to 18.4R3-S1; 19.1; 19.2 versions prior to 19.2R2; 19.3 versions prior to 19.3R3; 19.4 versions prior to 19.4R2.

Weakness

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Affected Software

Name Vendor Start Version End Version
Junos Juniper 17.3 (including) 17.3 (including)
Junos Juniper 17.3-r1 (including) 17.3-r1 (including)
Junos Juniper 17.3-r1-s1 (including) 17.3-r1-s1 (including)
Junos Juniper 17.3-r1-s4 (including) 17.3-r1-s4 (including)
Junos Juniper 17.3-r2 (including) 17.3-r2 (including)
Junos Juniper 17.3-r2-s1 (including) 17.3-r2-s1 (including)
Junos Juniper 17.3-r2-s2 (including) 17.3-r2-s2 (including)
Junos Juniper 17.3-r2-s3 (including) 17.3-r2-s3 (including)
Junos Juniper 17.3-r2-s4 (including) 17.3-r2-s4 (including)
Junos Juniper 17.3-r2-s5 (including) 17.3-r2-s5 (including)
Junos Juniper 17.3-r3 (including) 17.3-r3 (including)
Junos Juniper 17.3-r3-s1 (including) 17.3-r3-s1 (including)
Junos Juniper 17.3-r3-s2 (including) 17.3-r3-s2 (including)
Junos Juniper 17.3-r3-s3 (including) 17.3-r3-s3 (including)
Junos Juniper 17.3-r3-s4 (including) 17.3-r3-s4 (including)
Junos Juniper 17.3-r3-s5 (including) 17.3-r3-s5 (including)
Junos Juniper 17.3-r3-s6 (including) 17.3-r3-s6 (including)
Junos Juniper 17.3-r3-s7 (including) 17.3-r3-s7 (including)
Junos Juniper 17.3-r3-s8 (including) 17.3-r3-s8 (including)
Junos Juniper 17.3-r3-s9 (including) 17.3-r3-s9 (including)
Junos Juniper 17.4 (including) 17.4 (including)
Junos Juniper 17.4-r1 (including) 17.4-r1 (including)
Junos Juniper 17.4-r1-s1 (including) 17.4-r1-s1 (including)
Junos Juniper 17.4-r1-s2 (including) 17.4-r1-s2 (including)
Junos Juniper 17.4-r1-s3 (including) 17.4-r1-s3 (including)
Junos Juniper 17.4-r1-s4 (including) 17.4-r1-s4 (including)
Junos Juniper 17.4-r1-s5 (including) 17.4-r1-s5 (including)
Junos Juniper 17.4-r1-s6 (including) 17.4-r1-s6 (including)
Junos Juniper 17.4-r1-s7 (including) 17.4-r1-s7 (including)
Junos Juniper 17.4-r2 (including) 17.4-r2 (including)
Junos Juniper 17.4-r2-s1 (including) 17.4-r2-s1 (including)
Junos Juniper 17.4-r2-s10 (including) 17.4-r2-s10 (including)
Junos Juniper 17.4-r2-s11 (including) 17.4-r2-s11 (including)
Junos Juniper 17.4-r2-s2 (including) 17.4-r2-s2 (including)
Junos Juniper 17.4-r2-s3 (including) 17.4-r2-s3 (including)
Junos Juniper 17.4-r2-s4 (including) 17.4-r2-s4 (including)
Junos Juniper 17.4-r2-s5 (including) 17.4-r2-s5 (including)
Junos Juniper 17.4-r2-s6 (including) 17.4-r2-s6 (including)
Junos Juniper 17.4-r2-s7 (including) 17.4-r2-s7 (including)
Junos Juniper 17.4-r2-s8 (including) 17.4-r2-s8 (including)
Junos Juniper 17.4-r2-s9 (including) 17.4-r2-s9 (including)
Junos Juniper 17.4-r3 (including) 17.4-r3 (including)
Junos Juniper 17.4-r3-s1 (including) 17.4-r3-s1 (including)
Junos Juniper 17.4-r3-s2 (including) 17.4-r3-s2 (including)
Junos Juniper 18.2 (including) 18.2 (including)
Junos Juniper 18.2-r1 (including) 18.2-r1 (including)
Junos Juniper 18.2-r1-s2 (including) 18.2-r1-s2 (including)
Junos Juniper 18.2-r1-s3 (including) 18.2-r1-s3 (including)
Junos Juniper 18.2-r1-s4 (including) 18.2-r1-s4 (including)
Junos Juniper 18.2-r1-s5 (including) 18.2-r1-s5 (including)
Junos Juniper 18.2-r2 (including) 18.2-r2 (including)
Junos Juniper 18.2-r2-s1 (including) 18.2-r2-s1 (including)
Junos Juniper 18.2-r2-s2 (including) 18.2-r2-s2 (including)
Junos Juniper 18.2-r2-s3 (including) 18.2-r2-s3 (including)
Junos Juniper 18.2-r2-s4 (including) 18.2-r2-s4 (including)
Junos Juniper 18.2-r2-s5 (including) 18.2-r2-s5 (including)
Junos Juniper 18.2-r2-s6 (including) 18.2-r2-s6 (including)
Junos Juniper 18.2-r2-s7 (including) 18.2-r2-s7 (including)
Junos Juniper 18.2-r3 (including) 18.2-r3 (including)
Junos Juniper 18.2-r3-s1 (including) 18.2-r3-s1 (including)
Junos Juniper 18.2-r3-s2 (including) 18.2-r3-s2 (including)
Junos Juniper 18.2-r3-s3 (including) 18.2-r3-s3 (including)
Junos Juniper 18.3 (including) 18.3 (including)
Junos Juniper 18.3-r1 (including) 18.3-r1 (including)
Junos Juniper 18.3-r1-s1 (including) 18.3-r1-s1 (including)
Junos Juniper 18.3-r1-s2 (including) 18.3-r1-s2 (including)
Junos Juniper 18.3-r1-s3 (including) 18.3-r1-s3 (including)
Junos Juniper 18.3-r1-s4 (including) 18.3-r1-s4 (including)
Junos Juniper 18.3-r1-s5 (including) 18.3-r1-s5 (including)
Junos Juniper 18.3-r1-s6 (including) 18.3-r1-s6 (including)
Junos Juniper 18.3-r2 (including) 18.3-r2 (including)
Junos Juniper 18.3-r2-s1 (including) 18.3-r2-s1 (including)
Junos Juniper 18.3-r2-s2 (including) 18.3-r2-s2 (including)
Junos Juniper 18.3-r2-s3 (including) 18.3-r2-s3 (including)
Junos Juniper 18.3-r2-s4 (including) 18.3-r2-s4 (including)
Junos Juniper 18.3-r3 (including) 18.3-r3 (including)
Junos Juniper 18.3-r3-s1 (including) 18.3-r3-s1 (including)
Junos Juniper 18.3-r3-s2 (including) 18.3-r3-s2 (including)
Junos Juniper 18.3-r3-s3 (including) 18.3-r3-s3 (including)
Junos Juniper 18.4 (including) 18.4 (including)
Junos Juniper 18.4-r1 (including) 18.4-r1 (including)
Junos Juniper 18.4-r1-s1 (including) 18.4-r1-s1 (including)
Junos Juniper 18.4-r1-s2 (including) 18.4-r1-s2 (including)
Junos Juniper 18.4-r1-s3 (including) 18.4-r1-s3 (including)
Junos Juniper 18.4-r1-s4 (including) 18.4-r1-s4 (including)
Junos Juniper 18.4-r1-s5 (including) 18.4-r1-s5 (including)
Junos Juniper 18.4-r1-s6 (including) 18.4-r1-s6 (including)
Junos Juniper 18.4-r1-s7 (including) 18.4-r1-s7 (including)
Junos Juniper 18.4-r2 (including) 18.4-r2 (including)
Junos Juniper 18.4-r2-s1 (including) 18.4-r2-s1 (including)
Junos Juniper 18.4-r2-s2 (including) 18.4-r2-s2 (including)
Junos Juniper 18.4-r2-s3 (including) 18.4-r2-s3 (including)
Junos Juniper 18.4-r2-s4 (including) 18.4-r2-s4 (including)
Junos Juniper 18.4-r2-s5 (including) 18.4-r2-s5 (including)
Junos Juniper 18.4-r2-s6 (including) 18.4-r2-s6 (including)
Junos Juniper 18.4-r3 (including) 18.4-r3 (including)
Junos Juniper 18.4-r3-s1 (including) 18.4-r3-s1 (including)
Junos Juniper 18.4-r3-s2 (including) 18.4-r3-s2 (including)
Junos Juniper 18.4-r3-s3 (including) 18.4-r3-s3 (including)
Junos Juniper 18.4-r3-s4 (including) 18.4-r3-s4 (including)
Junos Juniper 18.4-r3-s5 (including) 18.4-r3-s5 (including)
Junos Juniper 19.2 (including) 19.2 (including)
Junos Juniper 19.2-r1 (including) 19.2-r1 (including)
Junos Juniper 19.2-r1-s1 (including) 19.2-r1-s1 (including)
Junos Juniper 19.2-r1-s2 (including) 19.2-r1-s2 (including)
Junos Juniper 19.2-r1-s3 (including) 19.2-r1-s3 (including)
Junos Juniper 19.2-r1-s4 (including) 19.2-r1-s4 (including)
Junos Juniper 19.2-r1-s5 (including) 19.2-r1-s5 (including)
Junos Juniper 19.2-r2 (including) 19.2-r2 (including)
Junos Juniper 19.2-r2-s1 (including) 19.2-r2-s1 (including)
Junos Juniper 19.2-r3 (including) 19.2-r3 (including)
Junos Juniper 19.2-r3-s1 (including) 19.2-r3-s1 (including)
Junos Juniper 19.3 (including) 19.3 (including)
Junos Juniper 19.3-r1 (including) 19.3-r1 (including)
Junos Juniper 19.3-r1-s1 (including) 19.3-r1-s1 (including)
Junos Juniper 19.3-r2 (including) 19.3-r2 (including)
Junos Juniper 19.3-r2-s1 (including) 19.3-r2-s1 (including)
Junos Juniper 19.3-r2-s2 (including) 19.3-r2-s2 (including)
Junos Juniper 19.3-r2-s3 (including) 19.3-r2-s3 (including)
Junos Juniper 19.3-r2-s4 (including) 19.3-r2-s4 (including)
Junos Juniper 19.3-r2-s5 (including) 19.3-r2-s5 (including)
Junos Juniper 19.3-r3 (including) 19.3-r3 (including)
Junos Juniper 19.4-r1 (including) 19.4-r1 (including)
Junos Juniper 19.4-r1-s1 (including) 19.4-r1-s1 (including)
Junos Juniper 19.4-r1-s2 (including) 19.4-r1-s2 (including)
Junos Juniper 19.4-r2 (including) 19.4-r2 (including)
Junos Juniper 19.4-r2-s1 (including) 19.4-r2-s1 (including)
Junos Juniper 20.2-r1 (including) 20.2-r1 (including)
Junos Juniper 20.2-r1-s1 (including) 20.2-r1-s1 (including)
Junos Juniper 20.2-r1-s2 (including) 20.2-r1-s2 (including)
Junos Juniper 20.3-r1 (including) 20.3-r1 (including)

Extended Description

Limited resources include memory, file system storage, database connection pool entries, and CPU. If an attacker can trigger the allocation of these limited resources, but the number or size of the resources is not controlled, then the attacker could cause a denial of service that consumes all available resources. This would prevent valid users from accessing the product, and it could potentially have an impact on the surrounding environment. For example, a memory exhaustion attack against an application could slow down the application as well as its host operating system. There are at least three distinct scenarios which can commonly lead to resource exhaustion:

Resource exhaustion problems are often result due to an incorrect implementation of the following situations:

Potential Mitigations

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution is simply difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.

References