CVE-2024-39516

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://supportportal.juniper.net/JSA88100", "name": "https://supportportal.juniper.net/JSA88100", "tags": [], "refsource": ""}, {"url": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html", "name": "https://www.juniper.net/documentation/us/en/software/junos/cli-reference/topics/ref/statement/traceoptions-edit-protocols-bgp.html", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved\u00a0allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP traffic engineering\n configured\n\n \n\n\nThis issue can affect iBGP and eBGP with \n\nany address family\n\n configured.\u00a0The specific attribute involved is non-transitive, and will not propagate across a network.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S8,\n * 22.2 before 22.2R3-S5,\u00a0\n * 22.3 before 22.3R3-S4,\u00a0\n * 22.4 before 22.4R3-S3,\u00a0\n * 23.2 before 23.2R2-S2,\u00a0\n * 23.4 before 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S8-EVO,\u00a0\n * 22.2-EVO before 22.2R3-S5-EVO,\u00a0\n * 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * 22.4-EVO before 22.4R3-S3-EVO,\u00a0\n * 23.2-EVO before 23.2R2-S2-EVO,\u00a0\n * 23.4-EVO before 23.4R2-EVO."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-125"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2024-39516", "ASSIGNER": "sirt@juniper.net"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}}, "publishedDate": "2024-10-09T20:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2024-10-16T22:15Z"}