CVE-2013-6013 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Juniper Junos

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources

Severity

6.8MEDIUMNVD

EPSS

5.9%

top 9.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper Junos OS Juniper SRX Series

Timeline

PublishedOct 17

Latest updateMay 17

Description

Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12.1X45-D10 on SRX devices, when using telnet pass-through authentication on the firewall, might allow remote attackers to execute arbitrary code via a crafted telnet message.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶NVDjuniper/junos10.4+39

▶juniperjuniper/junos_os

▶juniperjuniper/srx_series

🔴Vulnerability Details

GHSA

GHSA-mcf9-3hx5-x5wc: Buffer overflow in the flow daemon (flowd) in Juniper Junos 10↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2013-6013: Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R7-S2, 12.1.X44 before 12.1X44-D15, 12.1X45 before 12↗2013-10-17

▶