CVE-2021-0242 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Juniper Networks Junos OS
Severity
6.5 MEDIUM (NVD)
EPSS
0.1%
top 77.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 22
Latest update: May 24
Description
A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker sending specific unicast frames to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. The DMA buffer leak is seen when receiving these specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. Interfaces with either L2PT or do…
CVSS vector
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6
Affected Packages: 2 packages
Vulnerability Details (2)
GHSA
GHSA-ppfp-wfpf-4f6c: A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker (2022-05-24)
CVEList
Junos OS: EX4300: FPC crash upon receipt of specific frames on an interface without L2PT or dot1x configured (2021-04-22)
Vendor Advisories (1)
Juniper
CVE-2021-0242: A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300 switches on Juniper Networks Junos OS allows an attacker (2021-04-22)