CVE-2024-21594

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 20.4R3-S6 Juniper Networks Junos OS version 21.1 versions prior to 21.1R3-S5 Juniper Networks Junos OS version 21.2 versions prior to 21.2R3-S4 Juniper Networks Junos OS version 21.3 versions prior to 21.3R3-S3 Juniper Networks Junos OS version 21.4 versions prior to 21.4R3-S3 Juniper Networks Junos OS version 22.1 versions prior to 22.1R3-S1 Juniper Networks Junos OS version 22.2 versions prior to 22.2R3 Juniper Networks Junos OS version 22.3 versions prior to 22.3R2

Description A Heap-based Buffer Overflow issue in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, executing a specific command repeatedly can corrupt memory, leading to a Flow Processing Daemon (flowd) crash. The NSD process must be restarted to restore services. This issue can be identified with the command request security policies check or by observing the log message "Error: policies are out of sync for PFE node.fpc.pic".

Recommendations For Juniper Networks Junos OS versions prior to 20.4R3-S6, update to version 20.4R3-S6 or later. For Juniper Networks Junos OS version 21.1, update to version 21.1R3-S5 or later. For Juniper Networks Junos OS version 21.2, update to version 21.2R3-S4 or later. For Juniper Networks Junos OS version 21.3, update to version 21.3R3-S3 or later. For Juniper Networks Junos OS version 21.4, update to version 21.4R3-S3 or later. For Juniper Networks Junos OS version 22.1, update to version 22.1R3-S1 or later. For Juniper Networks Junos OS version 22.2, update to version 22.2R3 or later. For Juniper Networks Junos OS version 22.3, update to version 22.3R2 or later.