CVE-2024-39538

EUVD-2024-38064

11.07.2024, 17:15

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a 

Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered.


This issue affects Junos OS Evolved on ACX7000 Series:


  *  All versions before 21.2R3-S8-EVO,
  *  21.4-EVO versions before 21.4R3-S7-EVO,
  *  22.2-EVO versions before 22.2R3-S4-EVO,
  *  22.3-EVO versions before 22.3R3-S3-EVO, 
  *  22.4-EVO versions before 22.4R3-S2-EVO, 
  *  23.2-EVO versions before 23.2R2-EVO, 
  *  23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Classic Buffer Overflow

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
juniper	CNA	6.5 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Affected Products (NVD)

Vendor	Product	Version
juniper	junos_os_evolved	𝑥 < 21.2
juniper	junos_os_evolved	21.2
juniper	junos_os_evolved	21.2:r1
juniper	junos_os_evolved	21.2:r1-s1
juniper	junos_os_evolved	21.2:r1-s2
juniper	junos_os_evolved	21.2:r2
juniper	junos_os_evolved	21.2:r2-s1
juniper	junos_os_evolved	21.2:r2-s2
juniper	junos_os_evolved	21.2:r3
juniper	junos_os_evolved	21.2:r3-s1
juniper	junos_os_evolved	21.2:r3-s2
juniper	junos_os_evolved	21.2:r3-s3
juniper	junos_os_evolved	21.2:r3-s4
juniper	junos_os_evolved	21.2:r3-s5
juniper	junos_os_evolved	21.2:r3-s6
juniper	junos_os_evolved	21.2:r3-s7
juniper	junos_os_evolved	21.4
juniper	junos_os_evolved	21.4:r1
juniper	junos_os_evolved	21.4:r1-s1
juniper	junos_os_evolved	21.4:r1-s2
juniper	junos_os_evolved	21.4:r2
juniper	junos_os_evolved	21.4:r2-s1
juniper	junos_os_evolved	21.4:r2-s2
juniper	junos_os_evolved	21.4:r3
juniper	junos_os_evolved	21.4:r3-s1
juniper	junos_os_evolved	21.4:r3-s2
juniper	junos_os_evolved	21.4:r3-s3
juniper	junos_os_evolved	21.4:r3-s4
juniper	junos_os_evolved	21.4:r3-s5
juniper	junos_os_evolved	21.4:r3-s6
juniper	junos_os_evolved	22.2
juniper	junos_os_evolved	22.2:r1
juniper	junos_os_evolved	22.2:r1-s1
juniper	junos_os_evolved	22.2:r1-s2
juniper	junos_os_evolved	22.2:r2
juniper	junos_os_evolved	22.2:r2-s1
juniper	junos_os_evolved	22.2:r2-s2
juniper	junos_os_evolved	22.2:r3
juniper	junos_os_evolved	22.2:r3-s1
juniper	junos_os_evolved	22.2:r3-s2
juniper	junos_os_evolved	22.2:r3-s3
juniper	junos_os_evolved	22.3
juniper	junos_os_evolved	22.3:r1
juniper	junos_os_evolved	22.3:r1-s1
juniper	junos_os_evolved	22.3:r1-s2
juniper	junos_os_evolved	22.3:r2
juniper	junos_os_evolved	22.3:r2-s1
juniper	junos_os_evolved	22.3:r2-s2
juniper	junos_os_evolved	22.3:r3
juniper	junos_os_evolved	22.3:r3-s1
juniper	junos_os_evolved	22.3:r3-s2
juniper	junos_os_evolved	22.4
juniper	junos_os_evolved	22.4:r1
juniper	junos_os_evolved	22.4:r1-s1
juniper	junos_os_evolved	22.4:r1-s2
juniper	junos_os_evolved	22.4:r2
juniper	junos_os_evolved	22.4:r2-s1
juniper	junos_os_evolved	22.4:r2-s2
juniper	junos_os_evolved	22.4:r3
juniper	junos_os_evolved	22.4:r3-s1
juniper	junos_os_evolved	23.2
juniper	junos_os_evolved	23.2:r1
juniper	junos_os_evolved	23.2:r1-s1
juniper	junos_os_evolved	23.2:r1-s2
juniper	junos_os_evolved	23.4
juniper	junos_os_evolved	23.4:r1
juniper	junos_os_evolved	23.4:r1-s1
juniper	junos_os_evolved	23.4:r2

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://supportportal.juniper.net/JSA82998