"value":"A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\nJuniper Networks Junos OS Evolved\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO."
"value":"A heap-based buffer overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a denial of service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not affected by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO."