CVE-2024-21606: Double Free in Networks Junos OS

CWE-415: Double Free | 4 documents | 4 sources
Severity: 7.5 HIGH (NVD)
EPSS: 0.2% (top 53.83%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 12

Description

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.

This issue affects Juniper Networks Junos OS on SRX Series:

* All versions earlier than 20.4R3-S8;
* 21.2 versions earlier than 21.2R3-S6;

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 21.2 | 21.2R3-S6 | +7
NVD | juniper/junos | < 20.4 | +8

🔴 Vulnerability Details (2)

GHSA
GHSA-ww73-qp64-xm6q: A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated a | 2024-01-12
CVEList
Junos OS: SRX Series: When "tcp-encap" is configured and specific packets are received flowd will crash | 2024-01-12

📋 Vendor Advisories (1)

Juniper
CVE-2024-21606: A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated | 2024-01-12