Juniper Networks, Inc. Information for VU#192995

Integer overflow in xdr_array() function when deserializing the XDR stream

Status

Not Affected

Vendor Statement

The Juniper Networks SDX-300 Service Deployment System (SSC) does use XDR for communication with an ERX edge router, but does not make use of the Sun RPC libraries. The SDX-300 product is not vulnerable to the Sun RPC XDR buffer overflow as outlined in this CERT advisory.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Vendor References

None

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.