CVE-2021-0271
Severity CVSS v4.0:
Pending analysis
Type:
CWE-415
Double Free
Publication date:
22/04/2021
Last modified:
23/07/2021
Description
A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
3.30
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:12.3:-:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r10:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r10-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r10-s2:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r11:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12-s1:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12-s10:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12-s11:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12-s12:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12-s13:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12-s14:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12-s15:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:junos:12.3:r12-s16:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page