This issue affects Junos OS 19.4, 20.1. This issue affects Junos OS Evolved 19.4-EVO, 20.1-EVO.
On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN configured, receipt of specific BGP packets causes a slow memory leak. If the memory is exhausted the rpd process might crash.
If the issue occurs, the memory leak could be seen by executing the "show task memory detail | match policy | match evpn" command multiple times to check if memory (Alloc Blocks value) is increasing.
root@device> show task memory detail | match policy | match evpn
------------------------ Allocator Memory Report ------------------------
Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes
Policy EVPN Params 20 24 3330678 79936272 3330678 79936272
root@device> show task memory detail | match policy | match evpn
------------------------ Allocator Memory Report ------------------------
Name | Size | Alloc DTXP Size | Alloc Blocks | Alloc Bytes | MaxAlloc Blocks | MaxAlloc Bytes
Policy EVPN Params 20 24 36620255 878886120 36620255 878886120
This issue affects:
Juniper Networks Junos OS
- 19.4 versions prior to 19.4R2;
- 20.1 versions prior to 20.1R1-S4, 20.1R2;
Juniper Networks Junos OS Evolved:
- 19.4 versions;
- 20.1 versions prior to 20.1R1-S4-EVO, 20.1R2-EVO;
- 20.2 versions prior to 20.2R1-EVO;
This issue does not affect:
Juniper Networks Junos OS releases prior to 19.4R1.
Juniper Networks Junos OS Evolved releases prior to 19.4R1-EVO.
The example of the configuration stanza affected by this issue is as follows:
[protocols evpn]
Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
This issue was seen during production usage.
This issue has been assigned CVE-2020-1678.
The following software releases have been updated to resolve this specific issue:
Junos OS: 19.4R2, 19.4R3, 20.1R1-S4, 20.1R2, 20.2R1 and all subsequent releases.
Junos OS Evolved: 20.1R1-S4-EVO, 20.1R2-EVO, 20.2R1-EVO, and all subsequent releases.
This issue is being tracked as 1490269.
There are no viable workarounds for this issue.
Software releases or updates are available for download at
https://www.juniper.net/support/downloads/.
2020-10-14: Initial Publication.
Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories."