CVE Vulnerabilities

CVE-2024-21606

Double Free

Published: Jan 12, 2024 | Modified: Jan 18, 2024
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).

In a remote access VPN scenario, if a tcp-encap-profile is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.

This issue affects Juniper Networks Junos OS on SRX Series:

  • All versions earlier than 20.4R3-S8;
  • 21.2 versions earlier than 21.2R3-S6;
  • 21.3 versions earlier than 21.3R3-S5;
  • 21.4 versions earlier than 21.4R3-S5;
  • 22.1 versions earlier than 22.1R3-S3;
  • 22.2 versions earlier than 22.2R3-S3;
  • 22.3 versions earlier than 22.3R3-S1;
  • 22.4 versions earlier than 22.4R2-S2, 22.4R3.

Weakness

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Affected Software

Name Vendor Start Version End Version
Junos Juniper * *
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 20.4 20.4
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.2 21.2
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.3 21.3
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 21.4 21.4
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.1 22.1
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.2 22.2
Junos Juniper 22.3 22.3
Junos Juniper 22.3 22.3
Junos Juniper 22.3 22.3
Junos Juniper 22.3 22.3
Junos Juniper 22.3 22.3
Junos Juniper 22.3 22.3
Junos Juniper 22.3 22.3
Junos Juniper 22.3 22.3
Junos Juniper 22.4 22.4
Junos Juniper 22.4 22.4
Junos Juniper 22.4 22.4
Junos Juniper 22.4 22.4
Junos Juniper 22.4 22.4
Junos Juniper 22.4 22.4

Potential Mitigations

References