SecurityTracker.com



Category:   Device (Router/Bridge/Hub)  >   Juniper Junos
Vendors:   Juniper
(Juniper Issues Fix for Juniper Junos) cURL HTTP/2 Trailer Processor Out-of-Bound Memory Read Error Lets Remote Users Deny Service or Obtain Potentially Sensitive Information
SecurityTracker Alert ID:  1041320
SecurityTracker URL:  https://securitytracker.com/id/1041320
CVE Reference:   CVE-2018-1000005
Date:  Jul 19 2018
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in cURL. A remote user can cause denial of service conditions on the target system. A remote user can obtain potentially sensitive information on the target system. Juniper Junos is affected.

A remote user can send a specially crafted HTTP/2 trailer to trigger an out-of-bounds memory read error and cause the application to crash or obtain potentially sensitive information from services that echo back or otherwise use the trailers.

The vendor was notified on January 10, 2018.

Zhouyihai Ding reported this vulnerability.

Impact:   A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information on the target system.

Solution:   Juniper has issued a fix (12.1X46-D77, 12.3R12-S10, 12.3X48-D70, 12.3X54-D34, 14.1X53-D47, 14.1X53-D130, 15.1F6-S11, 15.1R4-S9, 15.1R7-S1, 15.1R8, 15.1X49-D140, 15.1X53-D67, 15.1X53-D234, 15.1X53-D471, 15.1X54-D70, 16.1R4-S10, 16.1R6-S4, 16.1R7, 16.2R1-S7, 16.2R2-S6, 16.2R3, 17.1R2-S7, 17.1R3, 17.2R1-S6, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.3R2-S2, 17.3R3, 17.4R1-S4, 17.4R2, 18.1R1-S1, 18.1R2, 18.2X75-D10, 18.2R1).

The Juniper advisory is available at:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10874

Vendor URL:  kb.juniper.net/InfoCenter/index?page=content&id=JSA10874
Cause:   Access control error

Message History:   This archive entry is a follow-up to the message listed below.
Jan 25 2018 cURL HTTP/2 Trailer Processor Out-of-Bound Memory Read Error Lets Remote Users Deny Service or Obtain Potentially Sensitive Information







Content previously copyright SecurityGlobal.net LLC placed in the public domain on December 31, 2019.