cve/2019/CVE-2019-0001.md

### [CVE-2019-0001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0001)
![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=16.116.1R7-S1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen)

### Description

Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/reshcd/fullstack-hiring-challenge-2
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2019-0001](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0001)`
			`![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=16.116.1R7-S1%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-674%3A%20Uncontrolled%20Recursion&color=brighgreen)`

			`### Description`

			Receipt of a malformed packet on MX Series devices with dynamic vlan configuration can trigger an uncontrolled recursion loop in the Broadband Edge subscriber management daemon (bbe-smgd), and lead to high CPU usage and a crash of the bbe-smgd service. Repeated receipt of the same packet can result in an extended denial of service condition for the device. Affected releases are Juniper Networks Junos OS: 16.1 versions prior to 16.1R7-S1; 16.2 versions prior to 16.2R2-S7; 17.1 versions prior to 17.1R2-S10, 17.1R3; 17.2 versions prior to 17.2R3; 17.3 versions prior to 17.3R3-S1; 17.4 versions prior to 17.4R2; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2.

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/reshcd/fullstack-hiring-challenge-2`