1. Home
  2. CVE Database
  3. CVE-2021-31367
MEDIUM · 6.5

CVE-2021-31367

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Ser...

Vulnerability Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Service (DoS) by sending genuine BGP flowspec packets which cause an FPC heap memory leak. Once having run out of memory the FPC will crash and restart along with a core dump. Continued receipted of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R3-S6; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R3; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2. Juniper Networks Junos Evolved is not affected.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH

Affected Products

VendorProductVersions
JuniperJunos18.4
JuniperPtx1000-
JuniperPtx10001-36Mr-
JuniperPtx10002-
JuniperPtx10003-
JuniperPtx10004-
JuniperPtx10008-
JuniperPtx10016-
JuniperPtx3000-
JuniperPtx5000-

Related Weaknesses (CWE)

CWE-401

References

FAQ

What is CVE-2021-31367?

CVE-2021-31367 is a vulnerability with a CVSS score of 6.5 (MEDIUM). A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of Ser...

How severe is CVE-2021-31367?

CVE-2021-31367 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31367?

Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos, Juniper Ptx1000, Juniper Ptx10001-36Mr, Juniper Ptx10002, Juniper Ptx10003.