CVE-2023-36833

A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).<br /> <br /> The process &amp;#39;aftman-bt&amp;#39; will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.<br /> <br /> An indication that the system experienced this issue is the following log message:<br /> <br />   evo-aftmand-bt[]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes<br /> <br /> <br /> <br /> <br /> This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:<br /> 21.2 version 21.2R1-EVO and later versions;<br /> 21.3 version 21.3R1-EVO and later versions;<br /> 21.4 versions prior to 21.4R3-S3-EVO;<br /> 22.1 version 22.1R1-EVO and later versions;<br /> 22.2 versions prior to 22.2R3-S2-EVO;<br /> 22.3 versions prior to 22.3R3-EVO;<br /> 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.<br /> <br /> <br /> <br />