"value":"In an EVPN/VXLAN scenario, if an IRB interface with a virtual gateway address (VGA) is configured on a PE, a traffic loop may occur upon receipt of specific IP multicast traffic. The traffic loop will cause interface traffic to increase abnormally, ultimately leading to a Denial of Service (DoS) in packet processing.\n\nThe following command could be used to monitor the interface traffic:\n user@junos> monitor interface traffic\n Interface Link Input packets (pps) Output packets (pps)\n et-0/0/1 Up 6492089274364 (70994959) 6492089235319 (70994956)\n et-0/0/25 Up 343458103 (1) 156844 (0)\n ae0 Up 9132519197257 (70994959) 9132519139454 (70994956) \n\nThis issue affects Juniper Networks Junos OS on QFX Series:\nall versions prior to 17.3R3-S10;\n17.4 versions prior to 17.4R2-S12, 17.4R3-S3;\n18.1 versions prior to 18.1R3-S11;\n18.2 versions prior to 18.2R3-S6;\n18.3 versions prior to 18.3R3-S4;\n18.4 versions prior to 18.4R2-S5, 18.4R3-S5;\n19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3;\n19.2 versions prior to 19.2R1-S5, 19.2R3-S1;\n19.3 versions prior to 19.3R2-S5, 19.3R3;\n19.4 versions prior to 19.4R2-S2, 19.4R3;\n20.1 versions prior to 20.1R2;\n20.2 versions prior to 20.2R1-S2, 20.2R2."
"value":"CWE-703 Improper Check or Handling of Exceptional Conditions"
}
]
}
]
},
"references":{
"reference_data":[
{
"name":"https://kb.juniper.net/JSA11111",
"refsource":"CONFIRM",
"url":"https://kb.juniper.net/JSA11111"
}
]
},
"solution":[
{
"lang":"eng",
"value":"The following software releases have been updated to resolve this specific issue: Junos OS 17.3R3-S10, 17.4R2-S12, 17.4R3-S3, 18.1R3-S11, 18.2R3-S6, 18.3R3-S4, 18.4R2-S5, 18.4R3-S5, 19.1R1-S6, 19.1R2-S2, 19.1R3-S3, 19.2R1-S5, 19.2R3-S1, 19.3R2-S5, 19.3R3, 19.4R2-S2, 19.4R3, 20.1R2, 20.2R1-S2, 20.2R2, 20.3R1, and all subsequent releases.\n"
}
],
"source":{
"advisory":"JSA11111",
"defect":[
"1518537"
],
"discovery":"USER"
},
"work_around":[
{
"lang":"eng",
"value":"There are no known workarounds for this issue."
