cbcvebase.
CVE-2024-30382
published 2024-04-12

CVE-2024-30382: An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a…

high8.7CVSS 4.0
AVNACLATNPRNUINVCNVINVAHSCNSINSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to send a specific routing update, causing an rpd core due to memory corruption, leading to a Denial of Service (DoS). This issue can only be triggered when the system is configured for CoS-based forwarding (CBF) with a policy map containing a cos-next-hop-map action (see below). This issue affects: Junos OS: * all versions before 20.4R3-S10, * from 21.2 before 21.2R3-S8, * from 21.3 before 21.3R3, * from 21.4 before 21.4R3, * from 22.1 before 22.1R2; Junos OS Evolved: * all versions before 21.2R3-S8-EVO, * from 21.3 before 21.3R3-EVO, * from 21.4 before 21.4R3-EVO, * from 22.1 before 22.1R2-EVO.

Affected

21 ranges
VendorProductVersion rangeFixed in
juniperjunos< 20.420.4
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos
juniperjunos_os
juniperjunos_os_evolved< 21.221.2
juniperjunos_os_evolved
juniperjunos_os_evolved
juniperjunos_os_evolved
juniperjunos_os_evolved
juniper_networksjunos_os< 20.4R3-S1020.4R3-S10
juniper_networksjunos_os>= 21.2 < 21.2R3-S821.2R3-S8
juniper_networksjunos_os>= 21.3 < 21.3R321.3R3
juniper_networksjunos_os>= 21.4 < 21.4R321.4R3
juniper_networksjunos_os>= 22.1 < 22.1R222.1R2
juniper_networksjunos_os_evolved< 21.2R3-S8-EVO21.2R3-S8-EVO
juniper_networksjunos_os_evolved>= 21.3 < 21.3R3-EVO21.3R3-EVO
juniper_networksjunos_os_evolved>= 21.4 < 21.4R3-EVO21.4R3-EVO
juniper_networksjunos_os_evolved>= 22.1 < 22.1R2-EVO22.1R2-EVO