CVE-2024-21606
published 2024-01-12CVE-2024-21606: A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.
This issue affects Juniper Networks Junos OS on SRX Series:
* All versions earlier than 20.4R3-S8;
* 21.2 versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S3;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | junos | < 20.4 | 20.4 |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos | — | — |
| juniper | junos_os | — | — |
| juniper | srx_series | — | — |
| juniper_networks | junos_os | < 20.4R3-S8 | 20.4R3-S8 |
| juniper_networks | junos_os | >= 21.2 < 21.2R3-S6 | 21.2R3-S6 |
| juniper_networks | junos_os | >= 21.3 < 21.3R3-S5 | 21.3R3-S5 |
| juniper_networks | junos_os | >= 21.4 < 21.4R3-S5 | 21.4R3-S5 |
| juniper_networks | junos_os | >= 22.1 < 22.1R3-S3 | 22.1R3-S3 |
| juniper_networks | junos_os | >= 22.2 < 22.2R3-S3 | 22.2R3-S3 |
| juniper_networks | junos_os | >= 22.3 < 22.3R3-S1 | 22.3R3-S1 |
| juniper_networks | junos_os | >= 22.4 < 22.4R2-S2, 22.4R3 | 22.4R2-S2, 22.4R3 |