CVE-2018-0017
Summary
| CVE | CVE-2018-0017 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-04-11 19:29:00 UTC |
| Updated | 2019-10-09 23:30:00 UTC |
| Description | A vulnerability in the Network Address Translation - Protocol Translation (NAT-PT) feature of Junos OS on SRX series devices may allow a certain valid IPv6 packet to crash the flowd daemon. Repeated crashes of the flowd daemon can result in an extended denial of service condition for the SRX device. Affected releases are Juniper Networks Junos OS: 12.1X46 versions prior to 12.1X46-D72; 12.3X48 versions prior to 12.3X48-D55; 15.1X49 versions prior to 15.1X49-D90. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Juniper | Junos | All | All | All | All |
| Operating System | Juniper | Junos | All | All | All | All |
| Operating System | Juniper | Junos | All | All | All | All |
| Operating System | Juniper | Junos | All | All | All | All |
| Operating System | Juniper | Junos | All | All | All | All |
| Operating System | Juniper | Junos | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Juniper Junos CVE-2018-0017 Denial of Service Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| 2018-04 Security Bulletin: SRX Series: Denial of service vulnerability in flowd daemon on devices configured with NAT-PT (CVE-2018-0017) - Juniper Networks | CONFIRM | kb.juniper.net | Vendor Advisory |
| Juniper Junos Processing Flaw in NAT-PT Function Lets Remote Users Cause the Target Service to Crash - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.