VYPR
Unrated severityNVD Advisory· Published Apr 17, 2023· Updated Feb 5, 2025

Junos OS: QFX Series: The PFE may crash when a lot of MAC addresses are being learned and aged

CVE-2023-28984

Description

A Use After Free vulnerability in the Layer 2 Address Learning Manager (l2alm) of Juniper Networks Junos OS on QFX Series allows an adjacent attacker to cause the Packet Forwarding Engine to crash and restart, leading to a Denial of Service (DoS). The PFE may crash when a lot of MAC learning and aging happens, but due to a Race Condition (Concurrent Execution using Shared Resource with Improper Synchronization) that is outside the attackers direct control. This issue affects: Juniper Networks Junos OS versions prior to 19.4R3-S10 on QFX Series; 20.2 versions prior to 20.2R3-S7 on QFX Series; 20.3 versions prior to 20.3R3-S6 on QFX Series; 20.4 versions prior to 20.4R3-S5 on QFX Series; 21.1 versions prior to 21.1R3-S4 on QFX Series; 21.2 versions prior to 21.2R3-S3 on QFX Series; 21.3 versions prior to 21.3R3-S3 on QFX Series; 21.4 versions prior to 21.4R3 on QFX Series; 22.1 versions prior to 22.1R3 on QFX Series; 22.2 versions prior to 22.2R2 on QFX Series.

Affected products

2
  • Juniper Networks/Junosllm-fuzzy2 versions
    QFX Series: <19.4R3-S10, >=20.2 <20.2R3-S7, >=20.3 <20.3R3-S6, >=20.4 <20.4R3-S5, >=21.1 <21.1R3-S4, >=21.2 <21.2R3-S3, >=21.3 <21.3R3-S3, >=21.4 <21.4R3, >=22.1 <22.1R3, >=22.2 <22.2R2+ 1 more
    • (no CPE)range: QFX Series: <19.4R3-S10, >=20.2 <20.2R3-S7, >=20.3 <20.3R3-S6, >=20.4 <20.4R3-S5, >=21.1 <21.1R3-S4, >=21.2 <21.2R3-S3, >=21.3 <21.3R3-S3, >=21.4 <21.4R3, >=22.1 <22.1R3, >=22.2 <22.2R2
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.