CVE-2021-0271

Double Free

Published: Apr 22, 2021 | Modified: Jul 23, 2021
CVSS 3.x: 6.5 MEDIUM
Source: NVD
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 3.3 LOW
Vector: AV:A/AC:L/Au:N/C:N/I:N/A:P

A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition.

This issue affects Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series: 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Junos Juniper 12.3 12.3
Junos Juniper 15.1 15.1
