CVE-2024-30405

Summary

An Incorrect Calculation of Buffer Size vulnerability in Juniper Networks Junos OS SRX 5000 Series devices using SPC2 line cards while ALGs are enabled allows an attacker sending specific crafted packets to cause a transit traffic Denial of Service (DoS).

Continued receipt and processing of these specific packets will sustain the Denial of Service condition.

This issue affects: Juniper Networks Junos OS SRX 5000 Series with SPC2 with ALGs enabled.

  • All versions earlier than 21.2R3-S7;
  • 21.4 versions earlier than 21.4R3-S6;
  • 22.1 versions earlier than 22.1R3-S5;
  • 22.2 versions earlier than 22.2R3-S3;
  • 22.3 versions earlier than 22.3R3-S2;
  • 22.4 versions earlier than 22.4R3;
  • 23.2 versions earlier than 23.2R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 21.2R3-S7affected
Juniper NetworksJunos OS21.4 < 21.4R3-S6affected
Juniper NetworksJunos OS22.1 < 22.1R3-S5affected
Juniper NetworksJunos OS22.2 < 22.2R3-S3affected
Juniper NetworksJunos OS22.3 < 22.3R3-S2affected
Juniper NetworksJunos OS22.4 < 22.4R3affected
Juniper NetworksJunos OS23.2 < 23.2R2affected

Weaknesses

  • CWE-131: CWE-131 Incorrect Calculation of Buffer Size

Workarounds

There are no known workarounds for this issue other than reducing risk by disabling as many ALGs as possible until the device can be upgraded.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References