PT-2021-12953 · Juniper Networks · Junos

Published 2021-04-22 · Updated 2022-08-05 · CVE-2021-0242

CVSS v3.1: 6.5 (Medium)

Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on the EX4300, versions prior to:
- 17.3R3-S11
- 17.4R2-S13
- 17.4R3-S4
- 18.1R3-S12
- 18.2R2-S8
- 18.2R3-S7
- 18.3R3-S4
- 18.4R1-S8
- 18.4R2-S7
- 18.4R3-S7
- 19.1R1-S6
- 19.1R2-S2
- 19.1R3-S4
- 19.2R1-S6
- 19.2R3-S2
- 19.3R3-S2
- 19.4R2-S3
- 19.4R3-S1
- 20.1R2
- 20.2R2-S1
- 20.2R3
- 20.3R1-S1
- 20.3R2

Description: A vulnerability exists due to the improper handling of direct memory access (DMA) buffers on EX4300 switches, allowing an attacker to trigger a Denial of Service (DoS) condition by exhausting DMA buffers, causing the FPC to crash and the device to restart. This occurs when receiving specific, valid unicast frames on an interface without Layer 2 Protocol Tunneling (L2PT) or dot1x configured. The DMA buffer leak can be monitored by executing the vty command 'show heap'. Error log messages may be observed, including "pid 64476 (pfex junos), uid 0: exited on signal 11 (core dumped)" and "pfe-manager (PID 64476) terminated by signal number 11. Core dumped!".
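
The two log messages quoted in the description can be matched and correlated by PID in collected syslog. The following is an added example, not code from the original page or from Juniper; the function name is hypothetical and the sample log lines (timestamps, hostname, facility tags) are constructed.

```python
import re

# Patterns built from the two messages quoted in the description.
# The process name is captured loosely because the page shows only one sample.
KERNEL_RE = re.compile(
    r"pid (?P<pid>\d+) \((?P<proc>[^)]+)\), uid \d+: "
    r"exited on signal (?P<sig>\d+) \(core dumped\)")
PFE_MANAGER_RE = re.compile(
    r"pfe-manager \(PID (?P<pid>\d+)\) terminated by signal number "
    r"(?P<sig>\d+)\. Core dumped!")

def find_pfe_crashes(lines):
    """Return one record per crashed PID, noting which messages were seen."""
    crashes = {}
    for lineno, line in enumerate(lines, 1):
        for source, pattern in (("kernel", KERNEL_RE),
                                ("pfe-manager", PFE_MANAGER_RE)):
            m = pattern.search(line)
            if not m:
                continue
            pid = int(m.group("pid"))
            rec = crashes.setdefault(pid, {
                "pid": pid, "signal": int(m.group("sig")),
                "sources": set(), "first_line": lineno})
            rec["sources"].add(source)
    # Only a PID reported by both messages matches the pattern in the advisory;
    # a lone "exited on signal" line can come from any unrelated process.
    for rec in crashes.values():
        rec["confirmed"] = rec["sources"] == {"kernel", "pfe-manager"}
    return sorted(crashes.values(), key=lambda r: r["first_line"])

# Constructed sample input: everything before the message text is invented.
SAMPLE_LOG = """\
Apr 22 10:14:01 ex4300-lab kernel: pid 64476 (pfex junos), uid 0: exited on signal 11 (core dumped)
Apr 22 10:14:01 ex4300-lab init: pfe-manager (PID 64476) terminated by signal number 11. Core dumped!
Apr 22 10:15:30 ex4300-lab example: unrelated constructed log line
Apr 22 11:02:09 ex4300-lab kernel: pid 70112 (sshd), uid 0: exited on signal 11 (core dumped)
""".splitlines()

if __name__ == "__main__":
    for crash in find_pfe_crashes(SAMPLE_LOG):
        state = "confirmed PFE crash" if crash["confirmed"] else "unpaired, review"
        print(f"line {crash['first_line']}: pid {crash['pid']} "
              f"signal {crash['signal']} -> {state}")
```

A confirmed match indicates the FPC has already crashed; the 'show heap' vty command named in the description remains the way to watch the DMA buffer leak beforehand.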
Recommendations: To resolve the issue, update according to the affected version:
- versions prior to 17.3R3-S11: update to 17.3R3-S11 or later
- versions prior to 17.4R2-S13: update to 17.4R2-S13 or later
- versions prior to 17.4R3-S4: update to 17.4R3-S4 or later
- versions prior to 18.1R3-S12: update to 18.1R3-S12 or later
- versions prior to 18.2R2-S8: update to 18.2R2-S8 or later
- versions prior to 18.2R3-S7: update to 18.2R3-S7 or later
- versions prior to 18.3R3-S4: update to 18.3R3-S4 or later
- versions prior to 18.4R1-S8: update to 18.4R1-S8 or later
- versions prior to 18.4R2-S7: update to 18.4R2-S7 or later
- versions prior to 18.4R3-S7: update to 18.4R3-S7 or later
- versions prior to 19.1R1-S6: update to 19.1R1-S6 or later
- versions prior to 19.1R2-S2: update to 19.1R2-S2 or later
- versions prior to 19.1R3-S4: update to 19.1R3-S4 or later
- versions prior to 19.2R1-S6: update to 19.2R1-S6 or later
- versions prior to 19.2R3-S2: update to 19.2R3-S2 or later
- versions prior to 19.3R3-S2: update to 19.3R3-S2 or later
- versions prior to 19.4R2-S3: update to 19.4R2-S3 or later
- versions prior to 19.4R3-S1: update to 19.4R3-S1 or later
- versions prior to 20.1R2: update to 20.1R2 or later
- versions prior to 20.2R2-S1: update to 20.2R2-S1 or later
- versions prior to 20.2R3: update to 20.2R3 or later
- versions prior to 20.3R1-S1: update to 20.3R1-S1 or later
- versions prior to 20.3R2: update to 20.3R2 or later

Fix

DoS

Buffer Overflow

Allocation of Resources Without Limits

Weakness Enumeration

Related Identifiers: CVE-2021-0242

Affected Products: Junos