24 matches found
Design/Logic Flaw
An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these...
CVE-2021-31379 Junos OS: MX Series: MPC 7/8/9/10/11 cards with MAP-E: PFE halts when an attacker sends malformed IPv4 or IPv6 traffic inside the MAP-E tunnel.
An Incorrect Behavior Order vulnerability in the MAP-E automatic tunneling mechanism of Juniper Networks Junos OS allows an attacker to send certain malformed IPv4 or IPv6 packets to cause a Denial of Service (DoS) to the PFE on the device which is disabled as a result of the processing of these...
QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host,...
QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host,...
Citrix Security Advisory for TCP/IP Reassembly Resource Exhaustion
Description of Problem: Several vulnerabilities in TCP/IP reassembly, commonly known as SegmentSmack and FragmentSmack, have recently been disclosed. SegmentSmack is CVE-2018-5390 for Linux and CVE-2018-6922 for FreeBSD. FragmentSmack is CVE-2018-5391 for Linux and CVE-2018-6923 for FreeBSD. These...
QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host,...
QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host,...
QEMU: Slirp: use-after-free during packet reassembly
A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in the ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat[] buffer. A user or process could use this flaw to crash the QEMU process on the hos...
Juniper Junos MX Series PFE Small Packet DoS (JSA11036)
According to its self-reported version, the remote Juniper Junos OS device is affected by a denial of service (DoS) vulnerability. When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E...
Juniper Junos MX Series PFE Large Packet DoS (JSA11041)
According to its self-reported version, the remote Juniper Junos OS device is affected by a denial of service (DoS) vulnerability. When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E...
QEMU: slirp: use-after-free in ip_reass() function in ip_input.c
A use-after-free flaw was found in the SLiRP networking implementation of the QEMU emulator. Specifically, this flaw occurs in the ip_reass() routine while reassembling incoming IP fragments whose combined size is bigger than 65k. This flaw allows an attacker to crash the QEMU process on the host,...
CVE-2020-1655
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation,...
CVE-2020-1649
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly,...
Design/Logic Flaw
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation,...
Design/Logic Flaw
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly,...
CVE-2020-1655 Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of large packets requiring fragmentation
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation,...
CVE-2020-1655
CVE-2020-1655 affects Juniper Networks Junos OS on MX Series with MPC7/8/9 line cards when inline IP reassembly is enabled. The vulnerability enables an attacker to repeatedly disable the packet forwarding engine (PFE) by sending large fragmented packets that cannot be reassembled, causing a sust...
CVE-2020-1649 Junos OS: MX Series: PFE crash on MPC7/8/9 upon receipt of small fragments requiring reassembly
When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly,...
CVE-2020-1649
CVE-2020-1649 affects Juniper Junos OS on MX Series with MPC7/8/9 line cards when inline IP reassembly is enabled. Continuous receipt of small fragments that cannot be reassembled can disable the packet forwarding engine (PFE), causing a sustained DoS. Affected Junos OS versions are listed across...
QEMU: slirp: heap buffer overflow during packet reassembly
A heap buffer overflow issue was found in the SLiRP networking implementation of the QEMU emulator. This flaw occurs in the ip_reass() routine while reassembling incoming packets if the first fragment is bigger than the m->m_dat[] buffer. An attacker could use this flaw to crash the QEMU process on the...