CVE-2024-30392 — Stack-based Buffer Overflow in Networks Junos OS

CWE-121 — Stack-based Buffer Overflow4 documents4 sources

Severity

8.7HIGHNVD

EPSS

0.2%

top 59.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 12

Description

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: J…

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os21.3 — 21.3R3-S5+6

▶NVDjuniper/junos< 21.2+7

🔴Vulnerability Details

GHSA

GHSA-jqhc-3v3m-gjx4: A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based at↗2024-04-12

▶

CVEList

Junos OS: MX Series with SPC3 and MS-MPC/-MIC: When URL filtering is enabled and a specific URL request is received a flowd crash occurs↗2024-04-12

▶

📋Vendor Advisories

Juniper

CVE-2024-30392: A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based at↗2024-04-12

▶