CVE-2026-21918
Gravedad CVSS v4.0:
ALTA
Tipo:
CWE-415
Doble liberación
Fecha de publicación:
15/01/2026
Última modificación:
15/01/2026
Descripción
*** Pendiente de traducción *** A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.<br />
<br />
<br />
<br />
<br />
<br />
This issue affects Junos OS on SRX and MX Series:<br />
<br />
<br />
<br />
* all versions before 22.4R3-S7,<br />
* 23.2 versions before 23.2R2-S3,<br />
* 23.4 versions before 23.4R2-S4,<br />
* 24.2 versions before 24.2R2.
Impacto
Puntuación base 4.0
8.70
Gravedad 4.0
ALTA
Puntuación base 3.x
7.50
Gravedad 3.x
ALTA