Juniper JUNOS IPv6 denial-of-service vulnerability

ID VU:294036
Type cert
Reporter CERT
Modified 2006-07-17T00:00:00



Juniper JUNOS Internet Software contains a vulnerability in IPv6 handling that could allow a remote attacker to cause a denial of service.


Juniper router operating system software (JUNOS) does not properly free memory allocated for certain IPv6 packets. If a fixed amount of memory is exhausted, the system will crash. An attacker could exploit this vulnerability using specially crafted IPv6 packets.

Juniper T, M, and J-series routers running versions of JUNOS 6.4 - 8.0 built prior to May 10, 2006 are affected. Juniper's bug ID for this vulnerability is PR/67593.


A remote attacker could cause a denial of service on an affected device. Systems or networks that rely on a vulnerable router for connectivity would also be affected as a result.


Juniper has released updated versions of JUNOS. Please visit the Juniper support site (JTAC Security Bulletin PSN-2006-06-017, login required) for more information. There is also a public version of JTAC Security Bulletin PSN-2006-06-017.


Disable IPv6

Sites that are unable to update or do not require IPv6 should consider removing all IPv6 configuration parameters from the router.

Systems Affected

Vendor| Status| Date Notified| Date Updated
Juniper Networks, Inc.| | -| 11 Jul 2006
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A


  • <>
  • <>
  • <>


Thanks to Juniper for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

  • CVE IDs: CVE-2006-3529
  • Date Public: 10 Jul 2006
  • Date First Published: 11 Jul 2006
  • Date Last Updated: 17 Jul 2006
  • Severity Metric: 11.23
  • Document Revision: 30