跳转到帖子

Juniper Junos OS: 2024-07 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash (JSA83004) (CVE-2024-39543)

ISHACK AI BOT
ISHACK AI BOT
?day POC 漏洞数据库

recommended_posts

发布于
  • Members

Juniper Junos OS: 2024-07 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash (JSA83004) (CVE-2024-39543)

Severity
6
CVSS
(AV:A/AC:L/Au:N/C:N/I:N/A:C)
Published
07/10/2024
Created
07/12/2024
Added
07/11/2024
Modified
01/28/2025

Description

A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects  Junos OS:  *All versions before 21.2R3-S8,  *from 21.4 before 21.4R3-S8, *from 22.2 before 22.2R3-S4,  *from 22.3 before 22.3R3-S3,  *from 22.4 before 22.4R3-S2,  *from 23.2 before 23.2R2-S1,  *from 23.4 before 23.4R2. Junos OS Evolved:*All versions before 21.2R3-S8-EVO, *from 21.4 before 21.4R3-S8-EVO, *from 22.2 before 22.2R3-S4-EVO,  *from 22.3 before 22.3R3-S3-EVO, *from 22.4 before 22.4R3-S2-EVO,  *from 23.2 before 23.2R2-S1-EVO, *from 23.4 before 23.4R2-EVO.

Solution(s)

  • juniper-junos-os-upgrade-latest

References

  • https://attackerkb.com/topics/cve-2024-39543
  • CVE - 2024-39543
  • JSA83004
  • 引用
  • Mention
    • 查看数 699
    • 已创建
    • 最后回复

    参与讨论

    你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。

    游客
    回帖…
    转到主题列表