CVE-2017-2344Improper Restriction of Operations within the Bounds of a Memory Buffer in Networks Junos OS

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 81.99%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Juniper Networks Junos OSJuniper JunosJuniper Junos OS
Timeline
PublishedJul 17
Latest updateMay 13

Description

A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of service (kernel panic) or be leveraged as a privilege escalation through local code execution. The routines are only accessible via programs running on the device itself, and veriexec restricts arbitrary programs from running on Junos OS. There are no known exploit vectors utilizing signed binaries shipped with Junos OS itself. Affected releases a

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

CVEListV5juniper_networks/junos_os15 versions+14
NVDjuniper/junos15 versions+14

🔴Vulnerability Details

1
GHSA
GHSA-pm8x-mc3r-72h9: A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow2022-05-13

📋Vendor Advisories

1
Juniper
CVE-2017-2344: A routine within an internal Junos OS sockets library is vulnerable to a buffer overflow. Malicious exploitation of this issue may lead to a denial of2017-07-17
CVE-2017-2344 — Juniper Networks Junos OS vulnerability | cvebase