CVE-2026-57021
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
An Out-of-bounds Write vulnerability in the http-gatekeeper (http-gk) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device is configured for remote-access VPN with pre-logon compliance check, a network-based attacker sending specifically formatted requests can trigger an out of bounds write leading to an http-gk process crash. This crash leads to unavailability of all services depending on the [ system services web-management ] configuration (like J-Web, remote access VPN and firewall authentication) until the process automatically restarts.
This issue affects Junos OS on SRX Series:
- 23.2 versions before 23.2R2-S7,
- 23.4 versions before 23.4R2-S8,
- 24.2 versions before 24.2R2-S4,
- 24.4 versions before 24.4R2-S4,
- 25.2 versions before 25.2R2,
- 25.4 versions before 25.4R1-S1, 25.4R2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 23.2 < 23.2R2-S7 | affected |
| Juniper Networks | Junos OS | 23.4 < 23.4R2-S8 | affected |
| Juniper Networks | Junos OS | 24.2 < 24.2R2-S4 | affected |
| Juniper Networks | Junos OS | 24.4 < 24.4R2-S4 | affected |
| Juniper Networks | Junos OS | 25.2 < 25.2R2 | affected |
| Juniper Networks | Junos OS | 25.4 < 25.4R1-S1, 25.4R2 | affected |
Weaknesses
- CWE-787: CWE-787 Out-of-bounds Write
Workarounds
There are no known workarounds for this issue.
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.