Unrated severity · NVD Advisory · Published Jan 12, 2024 · Updated Jun 17, 2025
Junos OS: SRX Series: When "tcp-encap" is configured and specific packets are received flowd will crash
CVE-2024-21606
Description
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS).
In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed.
This issue affects Juniper Networks Junos OS on SRX Series:
- All versions earlier than 20.4R3-S8;
- 21.2 versions earlier than 21.2R3-S6;
- 21.3 versions earlier than 21.3R3-S5;
- 21.4 versions earlier than 21.4R3-S5;
- 22.1 versions earlier than 22.1R3-S3;
- 22.2 versions earlier than 22.2R3-S3;
- 22.3 versions earlier than 22.3R3-S1;
- 22.4 versions earlier than 22.4R2-S2, 22.4R3.
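Added example (not part of the advisory and not Juniper tooling): a Python triage check that classifies a Junos release string against the affected ranges listed above and combines the result with the "tcp-encap" precondition from the description. The sample configuration line is constructed, matching on the substring `tcp-encap` is an assumption about how the setting appears in exported configuration text, and the device is assumed to be an SRX.

```python
import re

# First fixed release per train, from the "This issue affects" list above.
# 22.4 names two fixed releases (22.4R2-S2, 22.4R3); R3 sorts after R2-S2,
# so a single threshold covers both.
FIRST_FIXED = {
    (21, 2): (3, 6), (21, 3): (3, 5), (21, 4): (3, 5), (22, 1): (3, 3),
    (22, 2): (3, 3), (22, 3): (3, 1), (22, 4): (2, 2),
}
OLDEST_FIXED = ((20, 4), (3, 8))  # "All versions earlier than 20.4R3-S8"

# Accepts e.g. 21.4R3, 21.4R3-S5, 21.4R3-S5.4 (trailing build number ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse(version):
    """Return ((major, minor), (release, service)) or raise ValueError."""
    m = _VERSION.match(version.strip())
    if not m:  # other release formats need a manual look, not a guess
        raise ValueError(f"unsupported Junos version string: {version!r}")
    major, minor, rel, svc = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, svc)


def status(version):
    """Classify a release as 'affected', 'fixed' or 'not-listed'."""
    train, release = parse(version)
    if (train, release) < OLDEST_FIXED:
        return "affected"
    if train == OLDEST_FIXED[0]:
        return "fixed"
    if train in FIRST_FIXED:
        return "affected" if release < FIRST_FIXED[train] else "fixed"
    return "not-listed"  # train not enumerated on this page (e.g. 21.1, 23.x)


def exposed(version, config_text):
    """Affected release AND the tcp-encap precondition present in the config."""
    return status(version) == "affected" and "tcp-encap" in config_text


if __name__ == "__main__":
    # Constructed sample input, not taken from a real device.
    sample_config = "set security ike gateway GW1 tcp-encap-profile PROF1\n"
    for v in ("20.4R3-S7.2", "21.4R3-S5", "22.4R2-S1", "22.4R3", "23.2R1"):
        print(v, status(v), exposed(v, sample_config))
```

Releases in trains this page does not enumerate come back as `not-listed` rather than being guessed; check those against the vendor advisory.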
Affected products
- (no CPE) range: <20.4R3-S8, >=21.2 <21.2R3-S6, >=21.3 <21.3R3-S5, >=21.4 <21.4R3-S5, >=22.1 <22.1R3-S3, >=22.2 <22.2R3-S3, >=22.3 <22.3R3-S1, >=22.4 <22.4R2-S2, 22.4R3
- (no CPE) range: 0
References
- supportportal.juniper.net/JSA75747 (mitre, vendor-advisory)
- www.first.org/cvss/calculator/4.0 (mitre, technical-description)