How severe is CVE-2020-1686?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2020-1686?

This is classified as CWE-415, which is a common weakness in software security.

CVE-2020-1686 - HIGH Severity | CVSS 7.5

Vulnerability Description

On Juniper Networks Junos OS devices, receipt of a malformed IPv6 packet may cause the system to crash and restart (vmcore). This issue can be trigged by a malformed IPv6 packet destined to the Routing Engine. An attacker can repeatedly send the offending packet resulting in an extended Denial of Service condition. Only IPv6 packets can trigger this issue. IPv4 packets cannot trigger this issue. This issue affects Juniper Networks Junos OS 18.4 versions prior to 18.4R2-S4, 18.4R3-S1; 19.1 versions prior to 19.1R2-S1, 19.1R3; 19.2 versions prior to 19.2R1-S5, 19.2R2; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2. This issue does not affect Juniper Networks Junos OS prior to 18.4R1.

Related Vulnerabilities

CVE-2005-0891

HIGH

CVSS:7.5(High)

Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

CWE-4152005

CVE-2011-2335

HIGH

CVSS:7.5(High)

A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.

CWE-4152011

CVE-2015-5177

HIGH

CVSS:7.5(High)

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

CWE-4152015

CVE-2016-9969

HIGH

CVSS:7.5(High)

In libwebp 0.5.1, there is a double free bug in libwebpmux.

CWE-4152016

CVE-2017-18594

HIGH

CVSS:7.5(High)

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-method...

CWE-4152017

CVE-2017-5836

HIGH

CVSS:7.5(High)

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an inva...

CWE-4152017