CVE-2026-57029
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Missing Synchronization vulnerability in the flow collector handler of Juniper Networks Junos OS Evolved on QFX Series allows an adjacent, unauthenticated attacker to cause a Denial-of-Service (DoS).
When the reachability of an sFlow collector changes, the corresponding next-hop entry is updated. If this update occurs simultaneously with the sFlow thread accessing the next-hop data (which is outside the attackers control), it causes the evo-pfemand process to crash, impacting all traffic forwarding until the automatic process restart has completed.
This issue affects Junos OS Evolved on QFX Series:
- all 23.2 versions,
- 23.4 versions before 23.4R2-S7-EVO,
- 24.2 versions before 24.2R2-S5-EVO,
- 24.4 versions before 24.4R2-S3-EVO,
- 25.2 versions before 25.2R2-EVO.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS Evolved | 0 < 23.4R2-S7-EVO | affected |
| Juniper Networks | Junos OS Evolved | 24.2 < 24.2R2-S5-EVO | affected |
| Juniper Networks | Junos OS Evolved | 24.4 < 24.4R2-S3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 25.2 < 25.2R2-EVO | affected |
Weaknesses
- CWE-820: CWE-820 Missing Synchronization
Workarounds
There are no known workarounds for this issue.
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.