CVE-2024-39529

Summary

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).

If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service.

This issue affects Junos OS:

  • All versions before 21.4R3-S6,
  • 22.2 versions before 22.2R3-S3,
  • 22.3 versions before 22.3R3-S3,
  • 22.4 versions before 22.4R3,
  • 23.2 versions before 23.2R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 21.4R3-S6affected
Juniper NetworksJunos OS22.2 < 22.2R3-S3affected
Juniper NetworksJunos OS22.3 < 22.3R3-S3affected
Juniper NetworksJunos OS22.4 < 22.4R3affected
Juniper NetworksJunos OS23.2 < 23.2R2affected

Weaknesses

  • CWE-134: CWE-134 Use of Externally-Controlled Format String

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References