CVE-2019-0064: Junos OS: SRX5000 Series: flowd process crash due to receipt of specific TCP packet
First published: Wed Oct 09 2019(Updated: )
On SRX5000 Series devices, if 'set security zones security-zone <zone> tcp-rst' is configured, the flowd process may crash when a specific TCP packet is received by the device and triggers a new session. The process restarts automatically. However, receipt of a constant stream of these TCP packets may result in an extended Denial of Service (DoS) condition on the device. This issue affects Juniper Networks Junos OS: 18.2R3 on SRX 5000 Series; 18.4R2 on SRX 5000 Series; 19.2R1 on SRX 5000 Series.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =18.2-r3 | |
| Juniper JUNOS | =18.4-r2 | |
| Juniper JUNOS | =19.2-r1 | |
| Juniper Srx5400 | ||
| Juniper Srx5600 | ||
| Juniper Srx5800 |
Remedy
The following software releases have been updated to resolve this specific issue: 18.2R3-S1, 18.4R2-S1, 18.4R3, 19.2R1-S1, 19.2R2, 19.3R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/remedy
- agent/severity
- agent/author
- agent/title
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/18.2-r3
- version/juniper junos/18.4-r2
- version/juniper junos/19.2-r1
- canonical/juniper srx5400
- canonical/juniper srx5600
- canonical/juniper srx5800