CVE-2024-39529
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service.
This issue affects Junos OS:
- All versions before 21.4R3-S6,
- 22.2 versions before 22.2R3-S3,
- 22.3 versions before 22.3R3-S3,
- 22.4 versions before 22.4R3,
- 23.2 versions before 23.2R2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 0 < 21.4R3-S6 | affected |
| Juniper Networks | Junos OS | 22.2 < 22.2R3-S3 | affected |
| Juniper Networks | Junos OS | 22.3 < 22.3R3-S3 | affected |
| Juniper Networks | Junos OS | 22.4 < 22.4R3 | affected |
| Juniper Networks | Junos OS | 23.2 < 23.2R2 | affected |
Weaknesses
- CWE-134: CWE-134 Use of Externally-Controlled Format String
Workarounds
There are no known workarounds for this issue.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.