CVE-2024-21594

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local attacker to cause a Denial of Service (DoS).

On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash.

The NSD process has to be restarted to restore services.

If this issue occurs, it can be checked with the following command:

user@host> request security policies check The following log message can also be observed:

Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects:

Juniper Networks Junos OS on SRX 5000 Series

All versions earlier than 20.4R3-S6;
21.1 versions earlier than 21.1R3-S5;
21.2 versions earlier than 21.2R3-S4;
21.3 versions earlier than 21.3R3-S3;
21.4 versions earlier than 21.4R3-S3;
22.1 versions earlier than 22.1R3-S1;
22.2 versions earlier than 22.2R3;
22.3 versions earlier than 22.3R2.

Published: Jan 12, 2024
Updated: Jan 19, 2024
CVE: CVE-2024-21594
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.5
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
juniper / junos	20.4-r1	20.4-r1.x
juniper / junos	20.4-r1-s1	20.4-r1-s1.x
juniper / junos	21.1-r1	21.1-r1.x
juniper / junos	20.4-r2	20.4-r2.x
juniper / junos	21.2-r1	21.2-r1.x
juniper / junos	20.4-r2-s1	20.4-r2-s1.x
juniper / junos	21.1-r1-s1	21.1-r1-s1.x
juniper / junos	21.2-r1-s1	21.2-r1-s1.x
juniper / junos	21.1-r2	21.1-r2.x
juniper / junos	20.4-r3	20.4-r3.x
juniper / junos	21.3-r1	21.3-r1.x
juniper / junos	21.3-r2	21.3-r2.x
juniper / junos	21.2-r2	21.2-r2.x
juniper / junos	20.4-r3-s1	20.4-r3-s1.x
juniper / junos	20.4-r2-s2	20.4-r2-s2.x
juniper / junos	21.1-r3	21.1-r3.x
juniper / junos	21.1-r2-s1	21.1-r2-s1.x
juniper / junos	21.2	21.2.x
juniper / junos	21.1	21.1.x
juniper / junos	20.4	20.4.x
juniper / junos	21.1-r2-s2	21.1-r2-s2.x
juniper / junos	21.2-r1-s2	21.2-r1-s2.x
juniper / junos	21.2-r2-s1	21.2-r2-s1.x
juniper / junos	21.2-r2-s2	21.2-r2-s2.x
juniper / junos	21.4-r1-s1	21.4-r1-s1.x
juniper / junos	21.3-r1-s1	21.3-r1-s1.x
juniper / junos	21.3-r1-s2	21.3-r1-s2.x
juniper / junos	21.4-r1	21.4-r1.x
juniper / junos	21.3-r2-s1	21.3-r2-s1.x
juniper / junos	21.3-r2-s2	21.3-r2-s2.x
juniper / junos	21.4-r1-s2	21.4-r1-s2.x
juniper / junos	20.4-r3-s2	20.4-r3-s2.x
juniper / junos	21.1-r3-s1	21.1-r3-s1.x
juniper / junos	21.2-r3	21.2-r3.x
juniper / junos	22.1-r1	22.1-r1.x
juniper / junos	21.3-r3	21.3-r3.x
juniper / junos	21.3-r3-s1	21.3-r3-s1.x
juniper / junos	21.4-r2	21.4-r2.x
juniper / junos	21.4-r2-s1	21.4-r2-s1.x
juniper / junos	20.4-r3-s3	20.4-r3-s3.x
juniper / junos	21.4	21.4.x
juniper / junos	21.3	21.3.x
juniper / junos	21.1-r3-s2	21.1-r3-s2.x
juniper / junos	22.1-r1-s1	22.1-r1-s1.x
juniper / junos	22.1-r2	22.1-r2.x
juniper / junos	21.4-r3	21.4-r3.x
juniper / junos	22.1-r1-s2	22.1-r1-s2.x
juniper / junos	22.1-r2-s2	22.1-r2-s2.x
juniper / junos	21.4-r2-s2	21.4-r2-s2.x
juniper / junos	22.2-r1	22.2-r1.x
juniper / junos	22.2-r1-s1	22.2-r1-s1.x
juniper / junos	20.4-r3-s4	20.4-r3-s4.x
juniper / junos	21.2-r3-s2	21.2-r3-s2.x
juniper / junos	21.2-r3-s1	21.2-r3-s1.x
juniper / junos	22.3-r1	22.3-r1.x
juniper / junos	21.1-r3-s3	21.1-r3-s3.x
juniper / junos	22.2-r2	22.2-r2.x
juniper / junos	21.1-r3-s4	21.1-r3-s4.x
juniper / junos	21.3-r3-s2	21.3-r3-s2.x
juniper / junos	22.1-r3	22.1-r3.x
juniper / junos	20.4-r3-s5	20.4-r3-s5.x
juniper / junos	22.2-r1-s2	22.2-r1-s2.x
juniper / junos	-	20.4
juniper / junos	21.4-r3-s1	21.4-r3-s1.x
juniper / junos	22.2-r2-s1	22.2-r2-s1.x
juniper / junos	22.1-r2-s1	22.1-r2-s1.x
juniper / junos	21.2-r3-s3	21.2-r3-s3.x
juniper / junos	21.4-r3-s2	21.4-r3-s2.x
juniper / junos	22.3-r1-s1	22.3-r1-s1.x
juniper / junos	22.2-r2-s2	22.2-r2-s2.x
juniper / junos	22.3-r1-s2	22.3-r1-s2.x
juniper / junos	22.2	22.2.x
juniper / junos	22.3	22.3.x
juniper / junos	22.1	22.1.x

Vulnerability Database

289,599

CVE-2024-21594