CVE-2021-0271

Summary

A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS12.3 < 12.3R12-S17affected
Juniper NetworksJunos OS15.1 < 15.1R7-S8affected

Weaknesses

  • Denial of Service (DoS)
  • CWE-415: CWE-415 Double Free

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References