CVE-2019-0010: Allocation of Resources Without Limits or Throttling in Networks Junos OS

Severity
7.5 HIGH (NVD)
EPSS
1.1%
top 21.80%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jan 15
Latest update: May 30

Description

An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an indication of memory buffer exhaustion -- due to the receipt of crafted HTTP traffic. Each crafted HTTP packet inspected by UTM consumes mbufs which can be identified through the following log messages: all_logs.0:Jun 8 03:25:03 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 50%. all_logs.0:Jun 8 03:25:13 srx1 node0.fpc4 : SPU3 jmpi mbuf stall 51%. all_log

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages: 5 packages

CVEListV5: juniper_networks/junos_os 12.1X46 12.1X46-D81 +2
NVD: juniper/junos 12.1x46, 12.3x48, 15.1x49 +2
Debian: linux/linux_kernel < 6.8.11-1

🔴Vulnerability Details

2
OSV
CVE-2024-36885: In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, en (2024-05-30)
GHSA
GHSA-8jg6-w2pj-fc33: An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an (2022-05-13)

📋Vendor Advisories

2
VMware
VMware product updates address Linux kernel vulnerabilities in TCP Selective Acknowledgement (SACK) (CVE-2019-11477, CVE-2019-11478) (2019-07-02)
Juniper
CVE-2019-0010: An SRX Series Service Gateway configured for Unified Threat Management (UTM) may experience a system crash with the error message "mbuf exceed" -- an (2019-01-15)
CVE-2019-0010 — Juniper Networks Junos OS vulnerability | cvebase