CVE-2013-4685 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Juniper Junos

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

7.5%

top 8.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS Juniper SRX Series

Timeline

PublishedJul 11

Latest updateMay 17

Description

Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices, when Captive Portal is enabled with the UAC enforcer role, allows remote attackers to execute arbitrary code via crafted HTTP requests, aka PR 849100.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDjuniper/junos4 versions+3

▶juniperjuniper/junos_os

▶juniperjuniper/srx_series

🔴Vulnerability Details

GHSA

GHSA-8fwj-2448-qrc2: Buffer overflow in flowd in Juniper Junos 10↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2013-4685: Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7, 12.1 before 12.1R6, and 12.1X44 before 12.1X44-D15 on SRX devices,↗2013-07-11

▶