THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-39543

Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash

Assignerjuniper
Reserved2024-06-25
Published2024-07-11
Updated2024-07-11

Description

A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects  Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S2,  * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO,  * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S2-EVO,  * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R2-EVO.



MEDIUM: 6.5CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
HIGH: 7.1CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A

Problem types

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Product status

Default status
unaffected

Any version before 21.2R3-S8
affected

21.4 before 21.4R3-S8
affected

22.2 before 22.2R3-S4
affected

22.3 before 22.3R3-S3
affected

22.4 before 22.4R3-S2
affected

23.2 before 23.2R2-S1
affected

23.4 before 23.4R2
affected

Default status
unaffected

Any version before 21.2R3-S8-EVO
affected

21.4 before 21.4R3-S8-EVO
affected

22.2 before 22.2R3-S4-EVO
affected

22.3 before 22.3R3-S3-EVO
affected

22.4 before 22.4R3-S2-EVO
affected

23.2 before 23.2R2-S1-EVO
affected

23.4 before 23.4R2-EVO
affected

References

https://supportportal.juniper.net/JSA83004 vendor-advisory

cve.org CVE-2024-39543

nvd.nist.gov CVE-2024-39543

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-39543