[j-nsp] CVE-2023-4481

David Sinn dsinn at dsinn.com
Tue Aug 29 18:42:41 EDT 2023


A network I operate is going with:

        bgp-error-tolerance {
            malformed-route-limit 0;
        }

The thinking is that there is no real reason to retain the malformed route, and the default of 1000 is arbitrary. We haven't really seen a rash of them, so adjusting the logging hasn't proven needed yet.

I don't have anything running 14.x to test, but per the documentation the above should be supported from 13.2. 

David

> On Aug 29, 2023, at 2:06 PM, Randy Bush via juniper-nsp <juniper-nsp at puck.nether.net> wrote:
> 
> do we have a recommended `bgp-error-tolerance {}` config to deal with
> CVE-2023-4481?
> 
> and what does one do on antique hardwhere with, e.g., junos 14?
> 
> randy
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
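
An added example, not part of either message above: a small audit that reads curly-brace Junos configuration text and reports whether `bgp-error-tolerance` is present at the global `protocols bgp` level and what `malformed-route-limit` it sets. The sample configurations are constructed, the function names are hypothetical, and the check assumes the statement is set globally rather than per group or per neighbor.

```python
import re

# Constructed sample configurations (not taken from any real router).
WITH = """
protocols {
    bgp {
        bgp-error-tolerance {
            malformed-route-limit 0;
        }
    }
}
"""
WITHOUT = """
protocols {
    bgp {
        group transit {
            neighbor 192.0.2.1;
        }
    }
}
"""

def parse(text):
    """Parse curly-brace config into nested dicts; leaf statements map to None."""
    root = {}
    stack = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("{"):
            stack.append(stack[-1].setdefault(line[:-1].strip(), {}))
        elif line == "}":
            stack.pop()
        elif line.endswith(";"):
            stack[-1][line[:-1].strip()] = None
    return root

def error_tolerance(text):
    """Return (enabled, limit) for the global protocols bgp level.
    limit is None when no malformed-route-limit is set (the default applies)."""
    bgp = parse(text).get("protocols", {}).get("bgp", {})
    if "bgp-error-tolerance" not in bgp:
        return (False, None)
    for stmt in bgp["bgp-error-tolerance"] or {}:
        m = re.fullmatch(r"malformed-route-limit (\d+)", stmt)
        if m:
            return (True, int(m.group(1)))
    return (True, None)
```

`error_tolerance(WITH)` gives `(True, 0)`, matching the configuration in the reply, while a result of `(False, None)` marks a device that still needs the stanza.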


