What is the severity of CVE-2021-31367?

CVE-2021-31367 has been rated as a high-severity vulnerability due to its potential to cause Denial of Service (DoS) conditions.

How do I fix CVE-2021-31367?

To fix CVE-2021-31367, upgrade your Junos OS to the specified non-vulnerable versions as indicated in the vendor's advisory.

What systems are affected by CVE-2021-31367?

CVE-2021-31367 affects multiple versions of Juniper Networks Junos OS, specifically on PTX Series devices.

Can CVE-2021-31367 be exploited remotely?

Yes, CVE-2021-31367 can be exploited remotely by an adjacent attacker sending malicious BGP flowspec packets.

What are the symptoms of CVE-2021-31367 being exploited?

Exploitation of CVE-2021-31367 can lead to increased memory usage and potential Denial of Service on affected devices.

Vulnerability/
CVE-2021-31367

medium

6.5

CWE

401

13/10/2021

3/8/2024

CVE-2021-31367: Junos OS: PTX Series: An FPC heap memory leak will be triggered by certain Flowspec route operations which can lead to an FPC crash

First published: Wed Oct 13 2021(Updated: )

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipted of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
Junos OS Evolved	=18.4
Junos OS Evolved	=18.4-r1
Junos OS Evolved	=18.4-r1-s1
Junos OS Evolved	=18.4-r1-s2
Junos OS Evolved	=18.4-r1-s3
Junos OS Evolved	=18.4-r1-s4
Junos OS Evolved	=18.4-r1-s5
Junos OS Evolved	=18.4-r1-s6
Junos OS Evolved	=18.4-r1-s7
Junos OS Evolved	=18.4-r2
Junos OS Evolved	=18.4-r2-s1
Junos OS Evolved	=18.4-r2-s2
Junos OS Evolved	=18.4-r2-s3
Junos OS Evolved	=18.4-r2-s4
Junos OS Evolved	=18.4-r2-s5
Junos OS Evolved	=18.4-r2-s6
Junos OS Evolved	=18.4-r2-s7
Junos OS Evolved	=18.4-r2-s8
Junos OS Evolved	=18.4-r3
Junos OS Evolved	=18.4-r3-s1
Junos OS Evolved	=18.4-r3-s2
Junos OS Evolved	=18.4-r3-s3
Junos OS Evolved	=18.4-r3-s4
Junos OS Evolved	=18.4-r3-s5
Junos OS Evolved	=18.4-r3-s6
Junos OS Evolved	=18.4-r3-s7
Junos OS Evolved	=18.4-r3-s8
Junos OS Evolved	=19.1
Junos OS Evolved	=19.1-r1
Junos OS Evolved	=19.1-r1-s1
Junos OS Evolved	=19.1-r1-s2
Junos OS Evolved	=19.1-r1-s3
Junos OS Evolved	=19.1-r1-s4
Junos OS Evolved	=19.1-r1-s5
Junos OS Evolved	=19.1-r1-s6
Junos OS Evolved	=19.1-r2
Junos OS Evolved	=19.1-r2-s1
Junos OS Evolved	=19.1-r2-s2
Junos OS Evolved	=19.1-r3
Junos OS Evolved	=19.1-r3-s1
Junos OS Evolved	=19.1-r3-s2
Junos OS Evolved	=19.1-r3-s3
Junos OS Evolved	=19.1-r3-s4
Junos OS Evolved	=19.1-r3-s5
Junos OS Evolved	=19.1-r3-s6
Junos OS Evolved	=19.2
Junos OS Evolved	=19.2-r1
Junos OS Evolved	=19.2-r1-s1
Junos OS Evolved	=19.2-r1-s2
Junos OS Evolved	=19.2-r1-s3
Junos OS Evolved	=19.2-r1-s4
Junos OS Evolved	=19.2-r1-s5
Junos OS Evolved	=19.2-r1-s6
Junos OS Evolved	=19.2-r2
Junos OS Evolved	=19.2-r2-s1
Junos OS Evolved	=19.2-r3
Junos OS Evolved	=19.2-r3-s1
Junos OS Evolved	=19.2-r3-s2
Junos OS Evolved	=19.3
Junos OS Evolved	=19.3-r1
Junos OS Evolved	=19.3-r1-s1
Junos OS Evolved	=19.3-r2
Junos OS Evolved	=19.3-r2-s1
Junos OS Evolved	=19.3-r2-s2
Junos OS Evolved	=19.3-r2-s3
Junos OS Evolved	=19.3-r2-s4
Junos OS Evolved	=19.3-r2-s5
Junos OS Evolved	=19.3-r3
Junos OS Evolved	=19.3-r3-s1
Junos OS Evolved	=19.3-r3-s2
Junos OS Evolved	=19.4-r1
Junos OS Evolved	=19.4-r1-s1
Junos OS Evolved	=19.4-r1-s2
Junos OS Evolved	=19.4-r1-s3
Junos OS Evolved	=19.4-r3
Junos OS Evolved	=19.4-r3-s1
Junos OS Evolved	=19.4-r3-s2
Junos OS Evolved	=19.4-r3-s3
Junos OS Evolved	=19.4-r3-s4
Junos OS Evolved	=19.4-r3-s5
Junos OS Evolved	=20.1-r1
Junos OS Evolved	=20.1-r1-s1
Junos OS Evolved	=20.1-r1-s2
Junos OS Evolved	=20.1-r1-s3
Junos OS Evolved	=20.1-r1-s4
Junos OS Evolved	=20.1-r2
Junos OS Evolved	=20.1-r2-s1
Junos OS Evolved	=20.2-r1
Junos OS Evolved	=20.2-r1-s1
Junos OS Evolved	=20.2-r1-s2
Junos OS Evolved	=20.2-r1-s3
Junos OS Evolved	=20.2-r2
Junos OS Evolved	=20.2-r2-s1
Junos OS Evolved	=20.2-r2-s2
Junos OS Evolved	=20.2-r2-s3
Junos OS Evolved	=20.2-r3
Junos OS Evolved	=20.3-r1
Junos OS Evolved	=20.3-r1-s1
Junos OS Evolved	=20.3-r2
Junos OS Evolved	=20.3-r2-s1
Junos OS Evolved	=20.4-r1
Junos OS Evolved	=20.4-r1-s1
Junos OS Evolved	=20.4-r2
Junos OS Evolved	=20.4-r2-s1
Junos OS Evolved	=21.1-r1
Junos OS Evolved	=21.1-r1-s1
Juniper PTX1000
Juniper PTX10001-36MR
Juniper PTX10002
Juniper PTX10003 80C
Juniper PTX10004
Juniper PTX10008
Juniper PTX10016
Juniper PTX3000
Juniper PTX Series

Remedy

https://kb.juniper.net/JSA11229

Remedy

The following software releases have been updated to resolve this specific issue in Junos OS: 18.4R3-S9, 19.1R3-S7, 19.2R1-S7, 19.2R3-S3, 19.3R2-S6, 19.3R3-S3, 19.4R1-S4, 20.1R2-S2, 20.1R3, 20.2R3-S1, 20.3R3, 20.4R3, 21.1R2, 21.2R1, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://kb.juniper.net/JSA11229

Frequently Asked Questions

What is the severity of CVE-2021-31367?
CVE-2021-31367 has been rated as a high-severity vulnerability due to its potential to cause Denial of Service (DoS) conditions.
How do I fix CVE-2021-31367?
To fix CVE-2021-31367, upgrade your Junos OS to the specified non-vulnerable versions as indicated in the vendor's advisory.
What systems are affected by CVE-2021-31367?
CVE-2021-31367 affects multiple versions of Juniper Networks Junos OS, specifically on PTX Series devices.
Can CVE-2021-31367 be exploited remotely?
Yes, CVE-2021-31367 can be exploited remotely by an adjacent attacker sending malicious BGP flowspec packets.
What are the symptoms of CVE-2021-31367 being exploited?
Exploitation of CVE-2021-31367 can lead to increased memory usage and potential Denial of Service on affected devices.

agent/type
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/weakness
agent/references
agent/title
agent/severity
agent/remedy
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/juniper
canonical/junos os evolved
version/junos os evolved/18.4
version/junos os evolved/18.4-r1
version/junos os evolved/18.4-r1-s1
version/junos os evolved/18.4-r1-s2
version/junos os evolved/18.4-r1-s3
version/junos os evolved/18.4-r1-s4
version/junos os evolved/18.4-r1-s5
version/junos os evolved/18.4-r1-s6
version/junos os evolved/18.4-r1-s7
version/junos os evolved/18.4-r2
version/junos os evolved/18.4-r2-s1
version/junos os evolved/18.4-r2-s2
version/junos os evolved/18.4-r2-s3
version/junos os evolved/18.4-r2-s4
version/junos os evolved/18.4-r2-s5
version/junos os evolved/18.4-r2-s6
version/junos os evolved/18.4-r2-s7
version/junos os evolved/18.4-r2-s8
version/junos os evolved/18.4-r3
version/junos os evolved/18.4-r3-s1
version/junos os evolved/18.4-r3-s2
version/junos os evolved/18.4-r3-s3
version/junos os evolved/18.4-r3-s4
version/junos os evolved/18.4-r3-s5
version/junos os evolved/18.4-r3-s6
version/junos os evolved/18.4-r3-s7
version/junos os evolved/18.4-r3-s8
version/junos os evolved/19.1
version/junos os evolved/19.1-r1
version/junos os evolved/19.1-r1-s1
version/junos os evolved/19.1-r1-s2
version/junos os evolved/19.1-r1-s3
version/junos os evolved/19.1-r1-s4
version/junos os evolved/19.1-r1-s5
version/junos os evolved/19.1-r1-s6
version/junos os evolved/19.1-r2
version/junos os evolved/19.1-r2-s1
version/junos os evolved/19.1-r2-s2
version/junos os evolved/19.1-r3
version/junos os evolved/19.1-r3-s1
version/junos os evolved/19.1-r3-s2
version/junos os evolved/19.1-r3-s3
version/junos os evolved/19.1-r3-s4
version/junos os evolved/19.1-r3-s5
version/junos os evolved/19.1-r3-s6
version/junos os evolved/19.2
version/junos os evolved/19.2-r1
version/junos os evolved/19.2-r1-s1
version/junos os evolved/19.2-r1-s2
version/junos os evolved/19.2-r1-s3
version/junos os evolved/19.2-r1-s4
version/junos os evolved/19.2-r1-s5
version/junos os evolved/19.2-r1-s6
version/junos os evolved/19.2-r2
version/junos os evolved/19.2-r2-s1
version/junos os evolved/19.2-r3
version/junos os evolved/19.2-r3-s1
version/junos os evolved/19.2-r3-s2
version/junos os evolved/19.3
version/junos os evolved/19.3-r1
version/junos os evolved/19.3-r1-s1
version/junos os evolved/19.3-r2
version/junos os evolved/19.3-r2-s1
version/junos os evolved/19.3-r2-s2
version/junos os evolved/19.3-r2-s3
version/junos os evolved/19.3-r2-s4
version/junos os evolved/19.3-r2-s5
version/junos os evolved/19.3-r3
version/junos os evolved/19.3-r3-s1
version/junos os evolved/19.3-r3-s2
version/junos os evolved/19.4-r1
version/junos os evolved/19.4-r1-s1
version/junos os evolved/19.4-r1-s2
version/junos os evolved/19.4-r1-s3
version/junos os evolved/19.4-r3
version/junos os evolved/19.4-r3-s1
version/junos os evolved/19.4-r3-s2
version/junos os evolved/19.4-r3-s3
version/junos os evolved/19.4-r3-s4
version/junos os evolved/19.4-r3-s5
version/junos os evolved/20.1-r1
version/junos os evolved/20.1-r1-s1
version/junos os evolved/20.1-r1-s2
version/junos os evolved/20.1-r1-s3
version/junos os evolved/20.1-r1-s4
version/junos os evolved/20.1-r2
version/junos os evolved/20.1-r2-s1
version/junos os evolved/20.2-r1
version/junos os evolved/20.2-r1-s1
version/junos os evolved/20.2-r1-s2
version/junos os evolved/20.2-r1-s3
version/junos os evolved/20.2-r2
version/junos os evolved/20.2-r2-s1
version/junos os evolved/20.2-r2-s2
version/junos os evolved/20.2-r2-s3
version/junos os evolved/20.2-r3
version/junos os evolved/20.3-r1
version/junos os evolved/20.3-r1-s1
version/junos os evolved/20.3-r2
version/junos os evolved/20.3-r2-s1
version/junos os evolved/20.4-r1
version/junos os evolved/20.4-r1-s1
version/junos os evolved/20.4-r2
version/junos os evolved/20.4-r2-s1
version/junos os evolved/21.1-r1
version/junos os evolved/21.1-r1-s1
canonical/juniper ptx1000
canonical/juniper ptx10001-36mr
canonical/juniper ptx10002
canonical/juniper ptx10003 80c
canonical/juniper ptx10004
canonical/juniper ptx10008
canonical/juniper ptx10016
canonical/juniper ptx3000
canonical/juniper ptx series

CVE-2021-31367: Junos OS: PTX Series: An FPC heap memory leak will be triggered by certain Flowspec route operations which can lead to an FPC crash

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-31367?

How do I fix CVE-2021-31367?

What systems are affected by CVE-2021-31367?

Can CVE-2021-31367 be exploited remotely?

What are the symptoms of CVE-2021-31367 being exploited?

Company

Resources

Contact