We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Zendesk (Helpdesk and Chat)
Ok

THREATINT
PUBLISHED

CVE-2024-30392

Junos OS: MX Series with SPC3 and MS-MPC/-MIC: When URL filtering is enabled and a specific URL request is received a flowd crash occurs

Reserved:2024-03-26
Published:2024-04-12
Updated:2024-05-16

Description

A Stack-based Buffer Overflow vulnerability in Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series platforms with SPC3 and MS-MPC/-MIC, when URL filtering is enabled and a specific URL request is received and processed, flowd will crash and restart. Continuous reception of the specific URL request will lead to a sustained Denial of Service (DoS) condition. This issue affects: Junos OS: * all versions before 21.2R3-S6, * from 21.3 before 21.3R3-S5, * from 21.4 before 21.4R3-S5, * from 22.1 before 22.1R3-S3, * from 22.2 before 22.2R3-S1, * from 22.3 before 22.3R2-S2, 22.3R3, * from 22.4 before 22.4R2-S1, 22.4R3.



HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-121: Stack-based Buffer Overflow

Denial of Service (DoS)

Product status

Default status
unaffected

Any version before 21.2R3-S6
affected

21.3 before 21.3R3-S5
affected

21.4 before 21.4R3-S5
affected

22.1 before 22.1R3-S3
affected

22.2 before 22.2R3-S1
affected

22.3 before 22.3R2-S2, 22.3R3
affected

22.4 before 22.4R2-S1, 22.4R3
affected

Timeline

2024-04-10:Initial Publication

References

https://supportportal.juniper.net/JSA79092 vendor-advisory

https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L technical-description

cve.org CVE-2024-30392

nvd.nist.gov CVE-2024-30392

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-30392