CVE-2014-3818

Published: Oct 14, 2014Modified: May 6, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, 12.1X44 before D40, 12.1X46 before D30, 12.1X47 before D11 and 12.147-D15, 12.1X48 before D41 and D62, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S2, 13.1X49 before D49, 13.1X50 before 30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D25, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when supporting 4-byte AS numbers and a BGP peer does not, allows remote attackers to cause a denial of service (memory corruption and RDP routing process crash and restart) via crafted transitive attributes in a BGP UPDATE.

Affected (34)

Products: Juniper: Junos

Juniper

1 product

Junos

Configuration A

34 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos	Version 10.0
Juniper Junos	Version 10.1
Juniper Junos	Version 10.2
Juniper Junos	Version 10.3
Juniper Junos	Version 10.4
Juniper Junos	Version 10.4r
Juniper Junos	Version 10.4s
Juniper Junos	Version 11.0
Juniper Junos	Version 11.1
Juniper Junos	Version 11.2
Juniper Junos	Version 11.3
Juniper Junos	Version 11.4
Juniper Junos	Version 12.1
Juniper Junos	Version 12.1x44
Juniper Junos	Version 12.1x46
Juniper Junos	Version 12.1x47
Juniper Junos	Version 12.1x48
Juniper Junos	Version 12.2
Juniper Junos	Version 12.2x50
Juniper Junos	Version 12.3
Juniper Junos	Version 13.1
Juniper Junos	Version 13.1x49
Juniper Junos	Version 13.1x50
Juniper Junos	Version 13.2
Juniper Junos	Version 13.2x50
Juniper Junos	Version 13.2x51
Juniper Junos	Version 13.2x52
Juniper Junos	Version 13.3
Juniper Junos	Version 14.1
Juniper Junos	Version 9.1
Juniper Junos	Version 9.2
Juniper Junos	Version 9.4
Juniper Junos	Version 9.5
Juniper Junos	Version 9.6

Related CWEs

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (4)

http://www.securitytracker.com/id/1031009

Source: cve@mitre.org

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10653

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1031009

Source: af854a3a-2127-422b-91ae-364da2661108

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10653

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.