Description
A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service. This issue affects Junos OS: * All versions before 21.4R3-S6, * 22.2 versions before 22.2R3-S3, * 22.3 versions before 22.3R3-S3, * 22.4 versions before 22.4R3, * 23.2 versions before 23.2R2.
References (1)
Scores
CVSS v3
7.5
EPSS
0.0039
EPSS Percentile
60.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-134
Status
published
Products (6)
juniper/junos
21.4 (13 CPE variants)
juniper/junos
22.2 (10 CPE variants)
juniper/junos
22.3 (10 CPE variants)
juniper/junos
22.4 (7 CPE variants)
juniper/junos
23.2 (4 CPE variants)
juniper/junos
< 21.4
Published
Jul 11, 2024
Tracked Since
Feb 18, 2026