SB2024041103 - Access of memory location after end of buffer in Junos OS Evolved and Juniper Junos OS

Security Bulletin ID SB2024041103

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Adjecent network

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Access of memory location after end of buffer (CVE-ID: CVE-2024-21618)

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to access of memory location after end of buffer error in the Layer-2 Control Protocols Daemon (l2cpd). A remote non-authenticated attacker can cause Denial of Service (DoS).

On all Junos OS and Junos OS Evolved platforms, when LLDP is enabled on a specific interface, and a malformed LLDP packet is received, l2cpd crashes and restarts.

The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP.

Remediation

Install update from vendor's website.

References

https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-LLDP-is-enabled-and-a-malformed-LLDP-packet-is-received-l2cpd-crashes-CVE-2024-21618