search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Juniper JUNOS IPv6 denial-of-service vulnerability

Vulnerability Note VU#294036

Original Release Date: 2006-07-11 | Last Revised: 2006-07-17


Juniper JUNOS Internet Software contains a vulnerability in IPv6 handling that could allow a remote attacker to cause a denial of service.


Juniper router operating system software (JUNOS) does not properly free memory allocated for certain IPv6 packets. If a fixed amount of memory is exhausted, the system will crash. An attacker could exploit this vulnerability using specially crafted IPv6 packets.

Juniper T, M, and J-series routers running versions of JUNOS 6.4 - 8.0 built prior to May 10, 2006 are affected. Juniper's bug ID for this vulnerability is PR/67593.


A remote attacker could cause a denial of service on an affected device. Systems or networks that rely on a vulnerable router for connectivity would also be affected as a result.


Juniper has released updated versions of JUNOS. Please visit the Juniper support site (JTAC Security Bulletin PSN-2006-06-017, login required) for more information. There is also a public version of JTAC Security Bulletin PSN-2006-06-017.


Disable IPv6

Sites that are unable to update or do not require IPv6 should consider removing all IPv6 configuration parameters from the router.

Vendor Information

Expand all

Juniper Networks, Inc.

Updated:  July 11, 2006



Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


Please see JTAC Security Bulletin PSN-2006-06-017 (login required) for more information. There is also a public version of JTAC Security Bulletin PSN-2006-06-017.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A



Thanks to Juniper for reporting this vulnerability.

This document was written by Ryan Giobbi.

Other Information

CVE IDs: CVE-2006-3529
Severity Metric: 11.23
Date Public: 2006-07-10
Date First Published: 2006-07-11
Date Last Updated: 2006-07-17 13:48 UTC
Document Revision: 30

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.