PT-2023-25721 · Juniper Networks · Junos Evolved

Published: 2023-07-14 · Updated: 2023-07-27 · CVE-2023-36833

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:
- versions 21.2R1-EVO and later versions
- versions 21.3R1-EVO and later versions
- versions prior to 21.4R3-S3-EVO
- versions 22.1R1-EVO and later versions
- versions prior to 22.2R3-S2-EVO
- versions prior to 22.3R3-EVO
- versions prior to 22.4R1-S2-EVO, 22.4R2-EVO

Description

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface, causing the respective FPC to stop forwarding traffic. An indication of this issue is the log message:

    evo-aftmand-bt[]: [Error] jexpr fdb: sanity check failed, ... , app name L3 Mcast Routes

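
A log check for the indicator quoted in the description, given here as an added example that is not part of the original advisory or any Juniper tooling. The syslog prefix layout, the host names and the sample lines are assumptions constructed for illustration; the elided middle of the message is matched loosely rather than filled in.

```python
import re
from collections import Counter

# Indicator quoted in the advisory. The middle of the message is elided on
# the page ("..."), so it is matched loosely instead of being guessed.
INDICATOR = re.compile(
    r"evo-aftmand-bt\[\d*\]:\s*\[Error\]\s*jexpr fdb: sanity check failed,"
    r".*?app name L3 Mcast Routes"
)

# Assumption: lines carry a classic syslog prefix "Mon DD HH:MM:SS host ".
PREFIX = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2}\s[\d:]{8})\s+(?P<host>\S+)\s")

def find_indicator(lines):
    """Return one record per line that carries the advisory's log indicator."""
    hits = []
    for number, line in enumerate(lines, 1):
        if not INDICATOR.search(line):
            continue
        prefix = PREFIX.match(line)
        hits.append({
            "line": number,
            "host": prefix.group("host") if prefix else "unknown",
            "timestamp": prefix.group("ts") if prefix else None,
        })
    return hits

def hosts_to_review(lines):
    """Count indicator hits per host so affected devices can be prioritised."""
    return Counter(hit["host"] for hit in find_indicator(lines))

# Constructed sample input (not real device logs); "<elided>" stands in for
# the part of the message the advisory does not show.
SAMPLE_LOG = [
    "Jul 14 10:02:11 ptx-lab-1 evo-aftmand-bt[4211]: [Error] jexpr fdb: sanity check failed, <elided>, app name L3 Mcast Routes",
    "Jul 14 10:02:12 ptx-lab-1 evo-aftmand-bt[4211]: [Info] constructed unrelated message",
    "Jul 14 10:05:40 ptx-lab-2 evo-aftmand-bt[]: [Error] jexpr fdb: sanity check failed, <elided>, app name L3 Mcast Routes",
    "Jul 14 10:06:01 ptx-lab-2 evo-aftmand-bt[977]: [Error] jexpr fdb: sanity check failed, <elided>, app name Constructed Other App",
    "evo-aftmand-bt[]: [Error] jexpr fdb: sanity check failed, ... , app name L3 Mcast Routes",
]

if __name__ == "__main__":
    for host, count in hosts_to_review(SAMPLE_LOG).items():
        print(f"{host}: {count} hit(s), compare its release with the fixed versions")
```

A hit only shows that the logged symptom occurred; whether the device is still exposed depends on its installed release, as listed under the recommendations.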
Recommendations

- For versions 21.2R1-EVO and later versions, update to a version later than 21.4R3-S3-EVO, 22.2R3-S2-EVO, 22.3R3-EVO, or 22.4R1-S2-EVO, 22.4R2-EVO.
- For versions 21.3R1-EVO and later versions, update to a version later than 21.4R3-S3-EVO, 22.2R3-S2-EVO, 22.3R3-EVO, or 22.4R1-S2-EVO, 22.4R2-EVO.
- For versions prior to 21.4R3-S3-EVO, update to version 21.4R3-S3-EVO or later.
- For versions 22.1R1-EVO and later versions, update to a version later than 22.2R3-S2-EVO, 22.3R3-EVO, or 22.4R1-S2-EVO, 22.4R2-EVO.
- For versions prior to 22.2R3-S2-EVO, update to version 22.2R3-S2-EVO or later.
- For versions prior to 22.3R3-EVO, update to version 22.3R3-EVO or later.
- For versions prior to 22.4R1-S2-EVO, 22.4R2-EVO, update to version 22.4R1-S2-EVO, 22.4R2-EVO or later.

Fix

Use After Free

Weakness Enumeration

Related Identifiers

CVE-2023-36833

Affected Products

Junos Evolved