CVE-2024-30405 — Incorrect Calculation of Buffer Size in Networks Junos OS

CWE-131 — Incorrect Calculation of Buffer Size4 documents4 sources

Severity

8.7HIGHNVD

EPSS

0.1%

top 65.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 12

Description

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS). Continued receipt and processing of these specific packets will sustain the Denial of Service condition. This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled. * All versions earlier than 21.2R3-S7; * 21.4 …

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os21.4 — 21.4R3-S6+6

▶NVDjuniper/junos< 21.2+7

🔴Vulnerability Details

CVEList

Junos OS: SRX 5000 Series with SPC2: Processing of specific crafted packets when ALG is enabled causes a transit traffic Denial of Service↗2024-04-12

▶

GHSA

GHSA-6gj8-fxh3-h3j9: An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enable↗2024-04-12

▶

📋Vendor Advisories

Juniper

CVE-2024-30405: An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enable↗2024-04-12

▶