Vulnerabilities > CVE-2021-31367 - Memory Leak vulnerability in Juniper Junos

CVSS 2.9 - LOW

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

juniper

CWE-401

NVD

Published: 2021-10-19

Updated: 2021-10-25

Summary

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipted of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 18.4 Juniper Junos 19.1 Juniper Junos 19.2 Juniper Junos 19.3 Juniper Junos 19.4 Juniper Junos 20.1 Juniper Junos 20.2 Juniper Junos 20.3 Juniper Junos 20.4 Juniper Junos 21.1	106
Hardware	Juniper Juniper Ptx1000 - Juniper Ptx10001 36Mr - Juniper Ptx10002 - Juniper Ptx10003 - Juniper Ptx10004 - Juniper Ptx10008 - Juniper Ptx10016 - Juniper Ptx3000 - Juniper Ptx5000 -	9

Common Weakness Enumeration (CWE)

CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

References

https://kb.juniper.net/JSA11229