CVE-2024-21606 Junos OS: SRX Series: When "tcp-encap" is configured and specific packets are received flowd will crash

🗓️ 12 Jan 2024 00:54:51Reported by juniperType

Junos OS Double Free vulnerability, causing flowd cras

Reporter	Title	Published	Views	Family All 12
BDU FSTEC	The vulnerability of flow processing demons in Juniper Networks’ Junos OS-based SRX series routers, which allows a attacker to cause service interruptions.	18 Jan 202400:00	–	bdu_fstec
Circl	CVE-2024-21606	12 Jan 202402:26	–	circl
CNNVD	Juniper Networks Junos OS Resource Management Error Vulnerability	12 Jan 202400:00	–	cnnvd
CVE	CVE-2024-21606	12 Jan 202400:54	–	cve
EUVD	EUVD-2024-19254	3 Oct 202520:07	–	euvd
Tenable Nessus	Juniper Junos OS Vulnerability (JSA75747)	18 Apr 202400:00	–	nessus
NCSC	Vulnerabilities fixed in Juniper Junos OS and Junos OS Evolved	12 Jan 202400:00	–	ncsc
NVD	CVE-2024-21606	12 Jan 202401:15	–	nvd
OSV	CVE-2024-21606	12 Jan 202401:15	–	osv
Prion	Double free	12 Jan 202401:15	–	prion

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "SRX Series"
    ],
    "product": "Junos OS",
    "vendor": "Juniper Networks",
    "versions": [
      {
        "lessThan": "20.4R3-S8",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      },
      {
        "lessThan": "21.2R3-S6",
        "status": "affected",
        "version": "21.2",
        "versionType": "semver"
      },
      {
        "lessThan": "21.3R3-S5",
        "status": "affected",
        "version": "21.3",
        "versionType": "semver"
      },
      {
        "lessThan": "21.4R3-S5",
        "status": "affected",
        "version": "21.4",
        "versionType": "semver"
      },
      {
        "lessThan": "22.1R3-S3",
        "status": "affected",
        "version": "22.1",
        "versionType": "semver"
      },
      {
        "lessThan": "22.2R3-S3",
        "status": "affected",
        "version": "22.2",
        "versionType": "semver"
      },
      {
        "lessThan": "22.3R3-S1",
        "status": "affected",
        "version": "22.3",
        "versionType": "semver"
      },
      {
        "lessThan": "22.4R2-S2, 22.4R3",
        "status": "affected",
        "version": "22.4",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
supportportal	www.supportportal.juniper.net/JSA75747
first	www.first.org/cvss/calculator/4.0

12 Jan 2024 00:54Current

7.7High risk

Vulners AI Score7.7

CVSS 3.17.5

EPSS0.00555

CWE-415