Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-m36g-4gr6-38w3

Опубликовано: 11 июл. 2024
Источник: github
Github: Не прошло ревью
CVSS4: 7.1
CVSS3: 6.5

Описание

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a 

Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered.

This issue affects Junos OS Evolved on ACX7000 Series:

  • All versions before 21.2R3-S8-EVO,
  • 21.4-EVO versions before 21.4R3-S7-EVO,
  • 22.2-EVO versions before 22.2R3-S4-EVO,
  • 22.3-EVO versions before 22.3R3-S3-EVO, 
  • 22.4-EVO versions before 22.4R3-S2-EVO, 
  • 23.2-EVO versions before 23.2R2-EVO, 
  • 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a 

Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered.

This issue affects Junos OS Evolved on ACX7000 Series:

  • All versions before 21.2R3-S8-EVO,
  • 21.4-EVO versions before 21.4R3-S7-EVO,
  • 22.2-EVO versions before 22.2R3-S4-EVO,
  • 22.3-EVO versions before 22.3R3-S3-EVO, 
  • 22.4-EVO versions before 22.4R3-S2-EVO, 
  • 23.2-EVO versions before 23.2R2-EVO, 
  • 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Ссылки

EPSS

Процентиль: 23%
0.00074
Низкий

7.1 High

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2024-39538

Дефекты

CWE-120

Связанные уязвимости

nvd логотип

CVE-2024-39538

CVSS3: 6.5
nvd
около 1 года назад

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a  Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered. This issue affects Junos OS Evolved on ACX7000 Series: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO,  * 22.4-EVO versions before 22.4R3-S2-EVO,  * 23.2-EVO versions before 23.2R2-EVO,  * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

fstec логотип

BDU:2025-08768

CVSS3: 6.5
fstec
около 1 года назад

Уязвимость демона PFE Management операционных систем Juniper Networks Junos OS Evolved, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 23%
0.00074
Низкий

7.1 High

CVSS4

6.5 Medium

CVSS3

CVE ID

CVE-2024-39538

Дефекты

CWE-120