CVE-2021-31367

Summary

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipted of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 18.4R3-S9affected
Juniper NetworksJunos OS19.1 < 19.1R3-S7affected
Juniper NetworksJunos OS19.2 < 19.2R1-S7, 19.2R3-S3affected
Juniper NetworksJunos OS19.3 < 19.3R2-S6, 19.3R3-S3affected
Juniper NetworksJunos OS19.4 < 19.4R1-S4, 19.4R3-S6affected
Juniper NetworksJunos OS20.1 < 20.1R2-S2, 20.1R3affected
Juniper NetworksJunos OS20.2 < 20.2R3-S1affected
Juniper NetworksJunos OS20.3 < 20.3R3affected
Juniper NetworksJunos OS20.4 < 20.4R3affected
Juniper NetworksJunos OS21.1 < 21.1R2affected

Weaknesses

  • CWE-401: CWE-401 Improper Release of Memory Before Removing Last Reference
  • Denial of Service (DoS)

Workarounds

There are no viable workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

References