CVE-2021-0262: Use After Free in Networks Junos OS

CWE-416: Use After Free | 4 documents | 4 sources
Severity: 6.5 MEDIUM (NVD)
EPSS: 0.1% (top 76.21%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 22 | Latest update May 24

Description

Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After Free vulnerability in PFE packet processing on the QFX10002-60C switching platform. Exploitation of this vulnerability may allow a logically adjacent attacker to trigger a Denial of Service (DoS). Continued exploitation of this vulnerability will sustain the Denial of Service (DoS) condition. This issue only affects QFX10002-60C devices. No other

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 19.1R3-S1, 19.1* (+1)
NVD | juniper/junos | 19.1, 19.2, 20.2 (+2)

🔴 Vulnerability Details (2)

GHSA | GHSA-8h37-v9pc-m6v6: Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After | 2022-05-24
CVEList | Junos OS: QFX10002-60C: Use after free vulnerability found during static code analysis | 2021-04-22

📋 Vendor Advisories (1)

Juniper | CVE-2021-0262: Through routine static code analysis of the Juniper Networks Junos OS software codebase, the Secure Development Life Cycle team identified a Use After | 2021-04-22