CVE-2024-39543: Junos OS and Junos OS Evolved: Receipt of a large RPKI-RTR PDU packet can cause rpd to crash
First published: Thu Jul 11 2024(Updated: )
A Buffer Copy without Checking Size of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to send specific RPKI-RTR packets resulting in a crash, creating a Denial of Service (DoS) condition. Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * All versions before 21.2R3-S8, * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S2-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R2-EVO.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | <21.2R3-S8>=21.4<21.4R3-S8>=22.2<22.2R3-S4>=22.3<22.3R3-S3>=22.4<22.4R3-S2>=23.2<23.2R2-S1>=23.4<23.4R2 | |
| Juniper Networks Junos OS | <21.2R3-S8-EVO>=21.4<21.4R3-S8-EVO>=22.2<22.2R3-S4-EVO>=22.3<22.3R3-S3-EVO>=22.4<22.4R3-S2-EVO>=23.2<23.2R2-S1-EVO>=23.4<23.4R2-EVO |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS: 21.2R3-S8, 21.4R3-S8, 22.2R3-S4, 22.3R3-S3, 22.4R3-S2, 23.2R2-S1, 23.4R2, 24.2R1, and all subsequent releases. Junos OS Evolved: 21.2R3-S8-EVO, 21.4R3-S8-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO 22.4R3-S2-EVO, 23.2R2-S1-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-39543?
CVE-2024-39543 is classified as a high-severity vulnerability due to its potential for causing denial of service.
How do I fix CVE-2024-39543?
To mitigate CVE-2024-39543, users should upgrade to the latest version of Junos OS or Junos OS Evolved as specified in Juniper's security advisory.
What impact does CVE-2024-39543 have on systems?
CVE-2024-39543 allows unauthenticated attackers to crash the routing protocol daemon, leading to service interruptions.
Which versions of Junos OS are affected by CVE-2024-39543?
CVE-2024-39543 affects Junos OS versions up to 21.2R3-S8 and all versions starting from 21.4 and up to the specified limits of later releases.
Is CVE-2024-39543 exploitable remotely?
Yes, CVE-2024-39543 is exploitable by unauthenticated, adjacent attackers sending specific RPKI-RTR packets.
- agent/remedy
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/severity
- agent/author
- agent/event
- collector/nvd-api
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/juniper networks
- canonical/juniper junos
- canonical/juniper networks junos os