CVE-2024-39529Use of Externally-Controlled Format String in Networks Junos OS

CWE-134Use of Externally-Controlled Format String4 documents4 sources
Severity
8.7HIGHNVD
EPSS
0.4%
top 39.84%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 11

Description

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * A

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

CVEListV5juniper_networks/junos_os22.222.2R3-S3+4
NVDjuniper/junos< 21.4+5

🔴Vulnerability Details

2
GHSA
GHSA-h69r-jw3j-854f: A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an2024-07-11
CVEList
Junos OS: SRX Series: If DNS traceoptions are configured in a DGA or tunnel detection scenario specific DNS traffic leads to a PFE crash2024-07-11

📋Vendor Advisories

1
Juniper
CVE-2024-39529: A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an2024-07-11
CVE-2024-39529 — Networks Junos OS vulnerability | cvebase