An Access of Uninitialized Pointer vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). When an MPLS ping is performed on BGP LSPs, the RPD might crash. Repeated execution of this operation will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S12; 19.1 versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R1-S9, 19.2R3-S5; 19.3 versions prior to 19.3R3-S6; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R1-S1, 21.1R2; Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R2-EVO.
The product accesses or uses a pointer that has not been initialized.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Junos | Juniper | 15.1 (including) | 15.1 (including) |
| Junos | Juniper | 15.1-a1 (including) | 15.1-a1 (including) |
| Junos | Juniper | 15.1-f1 (including) | 15.1-f1 (including) |
| Junos | Juniper | 15.1-f2 (including) | 15.1-f2 (including) |
| Junos | Juniper | 15.1-f2-s1 (including) | 15.1-f2-s1 (including) |
| Junos | Juniper | 15.1-f2-s2 (including) | 15.1-f2-s2 (including) |
| Junos | Juniper | 15.1-f2-s3 (including) | 15.1-f2-s3 (including) |
| Junos | Juniper | 15.1-f2-s4 (including) | 15.1-f2-s4 (including) |
| Junos | Juniper | 15.1-f3 (including) | 15.1-f3 (including) |
| Junos | Juniper | 15.1-f4 (including) | 15.1-f4 (including) |
| Junos | Juniper | 15.1-f5 (including) | 15.1-f5 (including) |
| Junos | Juniper | 15.1-f5-s7 (including) | 15.1-f5-s7 (including) |
| Junos | Juniper | 15.1-f6 (including) | 15.1-f6 (including) |
| Junos | Juniper | 15.1-f6-s1 (including) | 15.1-f6-s1 (including) |
| Junos | Juniper | 15.1-f6-s10 (including) | 15.1-f6-s10 (including) |
| Junos | Juniper | 15.1-f6-s12 (including) | 15.1-f6-s12 (including) |
| Junos | Juniper | 15.1-f6-s2 (including) | 15.1-f6-s2 (including) |
| Junos | Juniper | 15.1-f6-s3 (including) | 15.1-f6-s3 (including) |
| Junos | Juniper | 15.1-f6-s4 (including) | 15.1-f6-s4 (including) |
| Junos | Juniper | 15.1-f6-s5 (including) | 15.1-f6-s5 (including) |
| Junos | Juniper | 15.1-f6-s6 (including) | 15.1-f6-s6 (including) |
| Junos | Juniper | 15.1-f6-s7 (including) | 15.1-f6-s7 (including) |
| Junos | Juniper | 15.1-f6-s8 (including) | 15.1-f6-s8 (including) |
| Junos | Juniper | 15.1-f6-s9 (including) | 15.1-f6-s9 (including) |
| Junos | Juniper | 15.1-f7 (including) | 15.1-f7 (including) |
| Junos | Juniper | 15.1-r1 (including) | 15.1-r1 (including) |
| Junos | Juniper | 15.1-r2 (including) | 15.1-r2 (including) |
| Junos | Juniper | 15.1-r3 (including) | 15.1-r3 (including) |
| Junos | Juniper | 15.1-r4 (including) | 15.1-r4 (including) |
| Junos | Juniper | 15.1-r4-s7 (including) | 15.1-r4-s7 (including) |
| Junos | Juniper | 15.1-r4-s8 (including) | 15.1-r4-s8 (including) |
| Junos | Juniper | 15.1-r4-s9 (including) | 15.1-r4-s9 (including) |
| Junos | Juniper | 15.1-r5 (including) | 15.1-r5 (including) |
| Junos | Juniper | 15.1-r5-s1 (including) | 15.1-r5-s1 (including) |
| Junos | Juniper | 15.1-r5-s3 (including) | 15.1-r5-s3 (including) |
| Junos | Juniper | 15.1-r5-s5 (including) | 15.1-r5-s5 (including) |
| Junos | Juniper | 15.1-r5-s6 (including) | 15.1-r5-s6 (including) |
| Junos | Juniper | 15.1-r6 (including) | 15.1-r6 (including) |
| Junos | Juniper | 15.1-r6-s1 (including) | 15.1-r6-s1 (including) |
| Junos | Juniper | 15.1-r6-s2 (including) | 15.1-r6-s2 (including) |
| Junos | Juniper | 15.1-r6-s3 (including) | 15.1-r6-s3 (including) |
| Junos | Juniper | 15.1-r6-s4 (including) | 15.1-r6-s4 (including) |
| Junos | Juniper | 15.1-r6-s6 (including) | 15.1-r6-s6 (including) |
| Junos | Juniper | 15.1-r7 (including) | 15.1-r7 (including) |
| Junos | Juniper | 15.1-r7-s1 (including) | 15.1-r7-s1 (including) |
| Junos | Juniper | 15.1-r7-s10 (including) | 15.1-r7-s10 (including) |
| Junos | Juniper | 15.1-r7-s11 (including) | 15.1-r7-s11 (including) |
| Junos | Juniper | 15.1-r7-s2 (including) | 15.1-r7-s2 (including) |
| Junos | Juniper | 15.1-r7-s3 (including) | 15.1-r7-s3 (including) |
| Junos | Juniper | 15.1-r7-s4 (including) | 15.1-r7-s4 (including) |
| Junos | Juniper | 15.1-r7-s5 (including) | 15.1-r7-s5 (including) |
| Junos | Juniper | 15.1-r7-s6 (including) | 15.1-r7-s6 (including) |
| Junos | Juniper | 15.1-r7-s7 (including) | 15.1-r7-s7 (including) |
| Junos | Juniper | 15.1-r7-s8 (including) | 15.1-r7-s8 (including) |
| Junos | Juniper | 15.1-r7-s9 (including) | 15.1-r7-s9 (including) |
| Junos | Juniper | 19.1 (including) | 19.1 (including) |
| Junos | Juniper | 19.1-r1 (including) | 19.1-r1 (including) |
| Junos | Juniper | 19.1-r1-s1 (including) | 19.1-r1-s1 (including) |
| Junos | Juniper | 19.1-r1-s2 (including) | 19.1-r1-s2 (including) |
| Junos | Juniper | 19.1-r1-s3 (including) | 19.1-r1-s3 (including) |
| Junos | Juniper | 19.1-r1-s4 (including) | 19.1-r1-s4 (including) |
| Junos | Juniper | 19.1-r1-s5 (including) | 19.1-r1-s5 (including) |
| Junos | Juniper | 19.1-r1-s6 (including) | 19.1-r1-s6 (including) |
| Junos | Juniper | 19.1-r2 (including) | 19.1-r2 (including) |
| Junos | Juniper | 19.1-r2-s1 (including) | 19.1-r2-s1 (including) |
| Junos | Juniper | 19.1-r2-s2 (including) | 19.1-r2-s2 (including) |
| Junos | Juniper | 19.1-r2-s3 (including) | 19.1-r2-s3 (including) |
| Junos | Juniper | 19.1-r3 (including) | 19.1-r3 (including) |
| Junos | Juniper | 19.1-r3-s1 (including) | 19.1-r3-s1 (including) |
| Junos | Juniper | 19.1-r3-s2 (including) | 19.1-r3-s2 (including) |
| Junos | Juniper | 19.1-r3-s3 (including) | 19.1-r3-s3 (including) |
| Junos | Juniper | 19.1-r3-s4 (including) | 19.1-r3-s4 (including) |
| Junos | Juniper | 19.1-r3-s5 (including) | 19.1-r3-s5 (including) |
| Junos | Juniper | 19.1-r3-s6 (including) | 19.1-r3-s6 (including) |
| Junos | Juniper | 19.1-r3-s7 (including) | 19.1-r3-s7 (including) |
| Junos | Juniper | 19.1-r3-s8 (including) | 19.1-r3-s8 (including) |
| Junos | Juniper | 19.2 (including) | 19.2 (including) |
| Junos | Juniper | 19.2-r1 (including) | 19.2-r1 (including) |
| Junos | Juniper | 19.2-r1-s1 (including) | 19.2-r1-s1 (including) |
| Junos | Juniper | 19.2-r1-s2 (including) | 19.2-r1-s2 (including) |
| Junos | Juniper | 19.2-r1-s3 (including) | 19.2-r1-s3 (including) |
| Junos | Juniper | 19.2-r1-s4 (including) | 19.2-r1-s4 (including) |
| Junos | Juniper | 19.2-r1-s5 (including) | 19.2-r1-s5 (including) |
| Junos | Juniper | 19.2-r1-s6 (including) | 19.2-r1-s6 (including) |
| Junos | Juniper | 19.2-r1-s7 (including) | 19.2-r1-s7 (including) |
| Junos | Juniper | 19.2-r1-s8 (including) | 19.2-r1-s8 (including) |
| Junos | Juniper | 19.2-r3 (including) | 19.2-r3 (including) |
| Junos | Juniper | 19.2-r3-s1 (including) | 19.2-r3-s1 (including) |
| Junos | Juniper | 19.2-r3-s2 (including) | 19.2-r3-s2 (including) |
| Junos | Juniper | 19.2-r3-s3 (including) | 19.2-r3-s3 (including) |
| Junos | Juniper | 19.2-r3-s4 (including) | 19.2-r3-s4 (including) |
| Junos | Juniper | 19.3 (including) | 19.3 (including) |
| Junos | Juniper | 19.3-r1 (including) | 19.3-r1 (including) |
| Junos | Juniper | 19.3-r1-s1 (including) | 19.3-r1-s1 (including) |
| Junos | Juniper | 19.3-r2 (including) | 19.3-r2 (including) |
| Junos | Juniper | 19.3-r2-s1 (including) | 19.3-r2-s1 (including) |
| Junos | Juniper | 19.3-r2-s2 (including) | 19.3-r2-s2 (including) |
| Junos | Juniper | 19.3-r2-s3 (including) | 19.3-r2-s3 (including) |
| Junos | Juniper | 19.3-r2-s4 (including) | 19.3-r2-s4 (including) |
| Junos | Juniper | 19.3-r2-s5 (including) | 19.3-r2-s5 (including) |
| Junos | Juniper | 19.3-r2-s6 (including) | 19.3-r2-s6 (including) |
| Junos | Juniper | 19.3-r3 (including) | 19.3-r3 (including) |
| Junos | Juniper | 19.3-r3-s1 (including) | 19.3-r3-s1 (including) |
| Junos | Juniper | 19.3-r3-s2 (including) | 19.3-r3-s2 (including) |
| Junos | Juniper | 19.3-r3-s3 (including) | 19.3-r3-s3 (including) |
| Junos | Juniper | 19.3-r3-s4 (including) | 19.3-r3-s4 (including) |
| Junos | Juniper | 19.3-r3-s5 (including) | 19.3-r3-s5 (including) |
| Junos | Juniper | 19.4 (including) | 19.4 (including) |
| Junos | Juniper | 19.4-r1 (including) | 19.4-r1 (including) |
| Junos | Juniper | 19.4-r1-s1 (including) | 19.4-r1-s1 (including) |
| Junos | Juniper | 19.4-r1-s2 (including) | 19.4-r1-s2 (including) |
| Junos | Juniper | 19.4-r1-s3 (including) | 19.4-r1-s3 (including) |
| Junos | Juniper | 19.4-r1-s4 (including) | 19.4-r1-s4 (including) |
| Junos | Juniper | 19.4-r2 (including) | 19.4-r2 (including) |
| Junos | Juniper | 19.4-r2-s1 (including) | 19.4-r2-s1 (including) |
| Junos | Juniper | 19.4-r2-s2 (including) | 19.4-r2-s2 (including) |
| Junos | Juniper | 19.4-r2-s3 (including) | 19.4-r2-s3 (including) |
| Junos | Juniper | 19.4-r2-s4 (including) | 19.4-r2-s4 (including) |
| Junos | Juniper | 19.4-r2-s5 (including) | 19.4-r2-s5 (including) |
| Junos | Juniper | 19.4-r2-s6 (including) | 19.4-r2-s6 (including) |
| Junos | Juniper | 19.4-r3 (including) | 19.4-r3 (including) |
| Junos | Juniper | 19.4-r3-s1 (including) | 19.4-r3-s1 (including) |
| Junos | Juniper | 19.4-r3-s2 (including) | 19.4-r3-s2 (including) |
| Junos | Juniper | 19.4-r3-s3 (including) | 19.4-r3-s3 (including) |
| Junos | Juniper | 19.4-r3-s4 (including) | 19.4-r3-s4 (including) |
| Junos | Juniper | 19.4-r3-s5 (including) | 19.4-r3-s5 (including) |
| Junos | Juniper | 19.4-r3-s6 (including) | 19.4-r3-s6 (including) |
| Junos | Juniper | 19.4-r3-s7 (including) | 19.4-r3-s7 (including) |
| Junos | Juniper | 20.1 (including) | 20.1 (including) |
| Junos | Juniper | 20.1-r1 (including) | 20.1-r1 (including) |
| Junos | Juniper | 20.1-r1-s1 (including) | 20.1-r1-s1 (including) |
| Junos | Juniper | 20.1-r1-s2 (including) | 20.1-r1-s2 (including) |
| Junos | Juniper | 20.1-r1-s3 (including) | 20.1-r1-s3 (including) |
| Junos | Juniper | 20.1-r1-s4 (including) | 20.1-r1-s4 (including) |
| Junos | Juniper | 20.1-r2 (including) | 20.1-r2 (including) |
| Junos | Juniper | 20.1-r2-s1 (including) | 20.1-r2-s1 (including) |
| Junos | Juniper | 20.1-r2-s2 (including) | 20.1-r2-s2 (including) |
| Junos | Juniper | 20.1-r3 (including) | 20.1-r3 (including) |
| Junos | Juniper | 20.1-r3-s1 (including) | 20.1-r3-s1 (including) |
| Junos | Juniper | 20.1-r3-s2 (including) | 20.1-r3-s2 (including) |
| Junos | Juniper | 20.1-r3-s3 (including) | 20.1-r3-s3 (including) |
| Junos | Juniper | 20.2 (including) | 20.2 (including) |
| Junos | Juniper | 20.2-r1 (including) | 20.2-r1 (including) |
| Junos | Juniper | 20.2-r1-s1 (including) | 20.2-r1-s1 (including) |
| Junos | Juniper | 20.2-r1-s2 (including) | 20.2-r1-s2 (including) |
| Junos | Juniper | 20.2-r1-s3 (including) | 20.2-r1-s3 (including) |
| Junos | Juniper | 20.2-r2 (including) | 20.2-r2 (including) |
| Junos | Juniper | 20.2-r2-s1 (including) | 20.2-r2-s1 (including) |
| Junos | Juniper | 20.2-r2-s2 (including) | 20.2-r2-s2 (including) |
| Junos | Juniper | 20.2-r2-s3 (including) | 20.2-r2-s3 (including) |
| Junos | Juniper | 20.2-r3 (including) | 20.2-r3 (including) |
| Junos | Juniper | 20.2-r3-s1 (including) | 20.2-r3-s1 (including) |
| Junos | Juniper | 20.2-r3-s2 (including) | 20.2-r3-s2 (including) |
| Junos | Juniper | 20.2-r3-s3 (including) | 20.2-r3-s3 (including) |
| Junos | Juniper | 20.2-r3-s4 (including) | 20.2-r3-s4 (including) |
| Junos | Juniper | 20.3 (including) | 20.3 (including) |
| Junos | Juniper | 20.3-r1 (including) | 20.3-r1 (including) |
| Junos | Juniper | 20.3-r1-s1 (including) | 20.3-r1-s1 (including) |
| Junos | Juniper | 20.3-r1-s2 (including) | 20.3-r1-s2 (including) |
| Junos | Juniper | 20.3-r2 (including) | 20.3-r2 (including) |
| Junos | Juniper | 20.3-r2-s1 (including) | 20.3-r2-s1 (including) |
| Junos | Juniper | 20.3-r3 (including) | 20.3-r3 (including) |
| Junos | Juniper | 20.3-r3-s1 (including) | 20.3-r3-s1 (including) |
| Junos | Juniper | 20.3-r3-s2 (including) | 20.3-r3-s2 (including) |
| Junos | Juniper | 20.3-r3-s3 (including) | 20.3-r3-s3 (including) |
| Junos | Juniper | 20.3-r3-s4 (including) | 20.3-r3-s4 (including) |
| Junos | Juniper | 20.4 (including) | 20.4 (including) |
| Junos | Juniper | 20.4-r1 (including) | 20.4-r1 (including) |
| Junos | Juniper | 20.4-r1-s1 (including) | 20.4-r1-s1 (including) |
| Junos | Juniper | 20.4-r2 (including) | 20.4-r2 (including) |
| Junos | Juniper | 20.4-r2-s1 (including) | 20.4-r2-s1 (including) |
| Junos | Juniper | 20.4-r2-s2 (including) | 20.4-r2-s2 (including) |
| Junos | Juniper | 20.4-r3 (including) | 20.4-r3 (including) |
| Junos | Juniper | 20.4-r3-s1 (including) | 20.4-r3-s1 (including) |
| Junos | Juniper | 20.4-r3-s2 (including) | 20.4-r3-s2 (including) |
| Junos | Juniper | 20.4-r3-s3 (including) | 20.4-r3-s3 (including) |
| Junos | Juniper | 21.1 (including) | 21.1 (including) |
| Junos | Juniper | 21.1-r1 (including) | 21.1-r1 (including) |
| Junos_os_evolved | Juniper | 20.4 (including) | 20.4 (including) |
| Junos_os_evolved | Juniper | 20.4-r1 (including) | 20.4-r1 (including) |
| Junos_os_evolved | Juniper | 20.4-r1-s1 (including) | 20.4-r1-s1 (including) |
| Junos_os_evolved | Juniper | 20.4-r1-s2 (including) | 20.4-r1-s2 (including) |
| Junos_os_evolved | Juniper | 20.4-r2 (including) | 20.4-r2 (including) |
| Junos_os_evolved | Juniper | 20.4-r2-s1 (including) | 20.4-r2-s1 (including) |
| Junos_os_evolved | Juniper | 20.4-r2-s2 (including) | 20.4-r2-s2 (including) |
| Junos_os_evolved | Juniper | 20.4-r2-s3 (including) | 20.4-r2-s3 (including) |
| Junos_os_evolved | Juniper | 20.4-r3 (including) | 20.4-r3 (including) |
| Junos_os_evolved | Juniper | 20.4-r3-s1 (including) | 20.4-r3-s1 (including) |
| Junos_os_evolved | Juniper | 20.4-r3-s2 (including) | 20.4-r3-s2 (including) |
| Junos_os_evolved | Juniper | 20.4-r3-s3 (including) | 20.4-r3-s3 (including) |
| Junos_os_evolved | Juniper | 21.1 (including) | 21.1 (including) |
| Junos_os_evolved | Juniper | 21.1-r1 (including) | 21.1-r1 (including) |
| Junos_os_evolved | Juniper | 21.1-r1-s1 (including) | 21.1-r1-s1 (including) |
If the pointer contains an uninitialized value, then the value might not point to a valid memory location. This could cause the product to read from or write to unexpected memory locations, leading to a denial of service. If the uninitialized pointer is used as a function call, then arbitrary functions could be invoked. If an attacker can influence the portion of uninitialized memory that is contained in the pointer, this weakness could be leveraged to execute code or perform other attacks. Depending on memory layout, associated memory management behaviors, and product operation, the attacker might be able to influence the contents of the uninitialized pointer, thus gaining more fine-grained control of the memory location to be accessed.