SB2025041014 - Junos Space update for third-party components
Published: April 10, 2025 Updated: August 29, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 50 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2024-36971)
The vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a use-after-free error within the xfrm_link_failure() function in net/xfrm/xfrm_policy.c, within the dst_entry ip6_dst_check() and ip6_dst_check() functions in net/ipv6/route.c, within the dst_entry ipv4_dst_check() and ip_do_redirect() functions in net/ipv4/route.c. A remote attacker can send specially crafted packets to the system and execute arbitrary code.
Note, the vulnerability is being actively exploited in the wild.
2) Input validation error (CVE-ID: CVE-2022-39253)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to the way Git handles hardlinks when performing a local clone. A remote attacker can trick the victim into clocking a malicious repository and create or copy hardlinks to critical files on the system, which can result in sensitive information exposure.
3) Code injection (CVE-ID: CVE-2024-32465)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation when working with zip files or tarballs during cloning. A remote attacker can and execute arbitrary code on the target system.
4) Stack-based buffer overflow (CVE-ID: CVE-2024-33599)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in nscd binary. A remote unauthenticated attacker can exhaust the nscd fixed size cache to trigger a stack-based buffer overflow and execute arbitrary code on the target system.
5) NULL pointer dereference (CVE-ID: CVE-2024-33600)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when nscd cache fails to add a not-found netgroup response to the cache. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
6) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2024-33601)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The
vulnerability exists due to the Name Service Cache Daemon (nscd) can terminate the service during its startup. A local use can perform a denial of service (DoS) attack.
7) Buffer overflow (CVE-ID: CVE-2024-33602)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to netgroup cache assumes NSS callback is using in-buffer strings in nscd binary. A remote attacker can trigger memory corruption and perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2024-35845)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the iwl_dbg_tlv_alloc_debug_info() function in drivers/net/wireless/intel/iwlwifi/iwl-dbg-tlv.c. A local user can perform a denial of service (DoS) attack.
9) Use-after-free (CVE-ID: CVE-2024-35899)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_tables_module_exit() function in net/netfilter/nf_tables_api.c. A local user can escalate privileges on the system.
10) Resource exhaustion (CVE-ID: CVE-2024-3651)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the idna.encode() function. A remote attacker can pass an overly long domain name to the application and perform a denial of service (DoS) attack.
11) Reachable assertion (CVE-ID: CVE-2024-3652)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the compute_proto_keymat() function when handling IKEv1 packets within the default AH/ESP responder. A remote authenticated user can send specially crafted packets to the server and perform a denial of service (DoS) attack.
12) Out-of-bounds read (CVE-ID: CVE-2024-39487)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an out-of-bounds read error within the bond_option_arp_ip_targets_set() function in drivers/net/bonding/bond_options.c. A local user can perform a denial of service (DoS) attack.
13) UNIX Hard Link (CVE-ID: CVE-2024-32020)
The vulnerability allows a remote attacker to compromise the original repository.
The vulnerability exists due to insecure hardlink following when working with local clones. Local clones may end up hardlinking files into the target repository's object database when source and target repository reside on the same disk. If the source repository is owned by a different user, then those hardlinked files may be rewritten at any point in time by the untrusted user.
14) Reachable assertion (CVE-ID: CVE-2024-4076)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when serving both stale cache data and authoritative zone content. A remote attacker can send specially crafted queries to the DNS server to trigger an assertion failure and perform a denial of service (DoS) attack.
15) Use-after-free (CVE-ID: CVE-2024-40782)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content. A remote attacker can trick the victim to open a specially crafted website, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
16) Out-of-bounds read (CVE-ID: CVE-2024-40789)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger an out-of-bounds read error and crash the browser.
17) Spoofing attack (CVE-ID: CVE-2024-40866)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to incorrect processing of user-supplied data in WebKit. A remote attacker can spoof the browser's address bar.
18) Use-after-free (CVE-ID: CVE-2024-40954)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the sk_common_release() function in net/core/sock.c. A local user can escalate privileges on the system.
19) Use-after-free (CVE-ID: CVE-2024-40958)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the EXPORT_SYMBOL_GPL() function in net/core/net_namespace.c. A local user can escalate privileges on the system.
20) UNIX symbolic link following (CVE-ID: CVE-2024-42472)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue when mounting persistent directories. A local user can create a specially crafted symbolic link and escape sandbox.
21) Protection Mechanism Failure (CVE-ID: CVE-2024-44187)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling "iframe" elements in WebKit. A remote attacker can exfiltrate data cross-origin.
22) Incorrect Regular Expression (CVE-ID: CVE-2024-6232)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of .tar archives when processing it with regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
23) NULL pointer dereference (CVE-ID: CVE-2024-7006)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in tif_dirinfo.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
24) UNIX symbolic link following (CVE-ID: CVE-2024-32021)
The vulnerability allows a remote attacker to compromise the original repository.
The vulnerability exists due to insecure symlink following issue. When cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target repository in the objects/ directory.
25) Code Injection (CVE-ID: CVE-2024-32004)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a process control issue while cloning special-crafted local repositories. A remote attacker can execute arbitrary code on the target system.
26) Buffer overflow (CVE-ID: CVE-2024-42284)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to memory corruption within the tipc_udp_addr2str() function in net/tipc/udp_media.c. A local user can escalate privileges on the system.
27) Improper input validation (CVE-ID: CVE-2024-21217)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Serialization component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
28) Use-after-free (CVE-ID: CVE-2021-47596)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the hclgevf_send_mbx_msg() function in drivers/net/ethernet/hisilicon/hns3/hns3vf/hclgevf_mbx.c. A local user can escalate privileges on the system.
29) NULL pointer dereference (CVE-ID: CVE-2022-24808)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in NET-SNMP-AGENT-MIB::nsLogTable when handling malformed OID in a SET request. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
30) Information disclosure (CVE-ID: CVE-2023-28746)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to information exposure through microarchitectural state after transient execution from some register files for some Intel Atom Processors. A local user can gain access to sensitive information.
31) Out-of-bounds read (CVE-ID: CVE-2023-48161)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the DumpSCreen2RGB() function in gif2rgb.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
32) UNIX symbolic link following (CVE-ID: CVE-2023-6597)
The vulnerability allows a local user to delete arbitrary files on the system.
The vulnerability exists due to a symlink following issue during cleanup when handling temporary files. A local user can create a specially crafted symbolic link to a critical file on the system and delete it.
33) Resource exhaustion (CVE-ID: CVE-2024-0450)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the zipfile module does not properly control consumption of internal resources when extracting files from a zip archive. A remote attacker can pass a specially crafted archive aka zip-bomb to the application, trigger resource exhaustion and perform a denial of service (DoS) attack.
34) Resource management error (CVE-ID: CVE-2024-1737)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when handling a very large number of RRs. Resolver caches and authoritative zone databases that hold significant numbers of RRs for the same hostname (of any RTYPE) can suffer from degraded performance as content is being added or updated, and also when handling client queries for this name.
35) Resource exhaustion (CVE-ID: CVE-2024-1975)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. If a server hosts a zone containing a "KEY" Resource Record, or a resolver DNSSEC-validates a "KEY" Resource Record from a DNSSEC-signed domain in cache, a client can exhaust resolver CPU resources by sending a stream of SIG(0) signed requests.
36) Improper input validation (CVE-ID: CVE-2024-21208)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Networking component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
37) Improper input validation (CVE-ID: CVE-2024-21210)
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle Java SE. A remote non-authenticated attacker can exploit this vulnerability to manipulate data.
38) Improper input validation (CVE-ID: CVE-2024-21235)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
The vulnerability exists due to improper input validation within the Hotspot component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to read and manipulate data.
39) Arbitrary file upload (CVE-ID: CVE-2024-32002)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to insufficient validation of file during file upload. A remote attacker can upload a malicious file and execute it on the server.
40) Deserialization of Untrusted Data (CVE-ID: CVE-2024-21823)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure deserialization in hardware logic. A local user can perform a denial of service (DoS) attack.
41) Security features bypass (CVE-ID: CVE-2024-23271)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to a logic error in WebKit, which can lead to unexpected cross-origin behavior. A remote attacker can trick the victim to visit a specially crafted website and bypass implemented security restrictions.
42) Use-after-free (CVE-ID: CVE-2024-26735)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the seg6_init() function in net/ipv6/seg6.c. A local user can escalate privileges on the system.
43) Use-after-free (CVE-ID: CVE-2024-26852)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ip6_route_multipath_add() and list_for_each_entry_safe() functions in net/ipv6/route.c. A local user can escalate privileges on the system.
44) Information disclosure (CVE-ID: CVE-2024-26993)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to information disclosure within the sysfs_break_active_protection() function in fs/sysfs/file.c. A local user can gain access to sensitive information.
45) Use-after-free (CVE-ID: CVE-2024-27052)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rtl8xxxu_stop() function in drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c. A local user can escalate privileges on the system.
46) Buffer overflow (CVE-ID: CVE-2024-27820)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in WebKit Web Inspector. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
47) Information disclosure (CVE-ID: CVE-2024-27838)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output in WebKit. A remote attacker can fingerprint website users.
48) Buffer overflow (CVE-ID: CVE-2024-27851)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
49) Input validation error (CVE-ID: CVE-2024-28182)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to reading the unbounded number of HTTP/2 CONTINUATION frames. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
50) Buffer overflow (CVE-ID: CVE-2024-2961)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the iconv() function when converting string to the ISO-2022-CN-EXT character set. A remote attacker can pass specially crafted input to the application, trigger a 4 byte buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install update from vendor's website.