CVE-2024-39529

CVSS V2 None CVSS V3 None

Description

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.

Overview

CVE ID
CVE-2024-39529

Assigner
juniper

Vulnerability Status
PUBLISHED

Published Version
2024-07-11T16:03:26.980Z

Last Modified Date
2024-07-11T18:29:59.847Z

Weakness Enumerations

CWE	URL
CWE-134	http://cwe.mitre.org/data/definitions/134.html

References

Reference URL	Reference Tags
https://supportportal.juniper.net/JSA82988	vendor-advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-39529
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39529

History

Created	Old Value	New Value	Data Type	Notes
2024-07-12 13:09:44				Added to TrackCVE