Juniper Networks Junos OS
cpe:2.3:a:juniper:junos:*:*:*:*:*:*:*, +3 more
- < 22.2R3-S4
- >= 22.4, < 22.4R3-S2
- >= 23.2, < 23.2R2
- >= 23.4, < 23.4R2
An expired pointer dereference vulnerability has been identified in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. It allows an unauthenticated, adjacent attacker to cause a denial-of-service condition. The issue arises on all platforms running Junos OS and Junos OS Evolved when an MPLS Label-Switched Path (LSP) is configured with node-link protection and transport class. In that configuration, if an LSP flaps, the rpd process crashes and restarts. Continuous flapping of the LSP can lead to a sustained denial-of-service condition.
Exploitation of this vulnerability causes the rpd process to crash and restart, leading to a denial-of-service condition. On all Junos OS and Junos OS Evolved platforms, continuous flapping of an MPLS Label-Switched Path (LSP) configured with node-link protection and transport class can cause a sustained denial-of-service condition.
Users can upgrade to Junos OS versions 22.2R3-S4, 22.4R3-S2, 23.2R2 or 23.4R2. For Junos OS Evolved, users can upgrade to versions 22.2R3-S4-EVO, 22.4R3-S2-EVO, 23.2R2-EVO or 23.4R2-EVO.
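A version check against the affected ranges listed above, as an added example (not Juniper's code and not part of the original page). The version grammar it accepts (R releases with optional -S service releases, an optional build suffix, and an optional -EVO suffix compared against the same numbers) is an assumption, and it does not inspect whether node-link protection and transport class are configured.

```python
import re

# Affected ranges copied from this page: (inclusive lower bound or None, exclusive upper bound).
AFFECTED = [
    (None, "22.2R3-S4"),
    ("22.4", "22.4R3-S2"),
    ("23.2", "23.2R2"),
    ("23.4", "23.4R2"),
]

# Assumed grammar: <major>.<minor>[R<n>[-S<n>][.<build>]][-EVO]
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:R(\d+)(?:-S(\d+))?(?:\.\d+)?)?(-EVO)?$")


def parse(version):
    """Return (major, minor, R, S); a bare train such as '22.4' sorts before its R1."""
    m = _VERSION.match(version.strip())
    if not m:
        # Other release types are rejected instead of being guessed at.
        raise ValueError(f"unsupported Junos version string: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups()[:4])


def is_affected(version):
    """True if the version falls inside one of the ranges listed on this page.

    Trains the page does not list (for example 22.3) fall outside every
    range and return False, so treat False as "not listed", not "verified safe".
    """
    v = parse(version)
    for low, high in AFFECTED:
        if (low is None or v >= parse(low)) and v < parse(high):
            return True
    return False


if __name__ == "__main__":
    # Constructed sample inventory, not taken from any real device.
    for name, ver in [("pe1", "22.2R3-S3"), ("pe2", "22.4R3-S2"), ("p1", "23.4R1-S2-EVO")]:
        status = "in affected range" if is_affected(ver) else "not in listed ranges"
        print(f"{name}: {ver} {status}")
```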