CVE-2024-21618 — Access of Memory Location After End of Buffer in Networks Junos OS

CWE-788 — Access of Memory Location After End of Buffer CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 68.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedApr 12

Description

An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVR…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved21.4-EVO — 21.4R3-S5-EVO+5

▶NVDjuniper/junos_os_evolved6 versions+5

▶CVEListV5juniper_networks/junos_os21.4 — 21.4R3-S4+5

▶NVDjuniper/junos6 versions+5

🔴Vulnerability Details

CVEList

Junos OS and Junos OS Evolved: When LLDP is enabled and a malformed LLDP packet is received, l2cpd crashes↗2024-04-12

▶

GHSA

GHSA-6rj9-5jww-q88j: An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos↗2024-04-12

▶

📋Vendor Advisories

Juniper

CVE-2024-21618: An Access of Memory Location After End of Buffer vulnerability in the Layer-2 Control Protocols Daemon (l2cpd) of Juniper Networks Junos OS and Junos↗2024-04-12

▶