A Double Free vulnerability in the software forwarding interface daemon (sfid) process of Juniper Networks Junos OS allows an adjacently-connected attacker to cause a Denial of Service (DoS) by sending a crafted ARP packet to the device. Continued receipt and processing of the crafted ARP packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS on EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series. 12.3 versions prior to 12.3R12-S17; 15.1 versions prior to 15.1R7-S8. This issue only affects the listed Marvell-chipset based EX Series devices. No other products or platforms are affected.
Published 2021-04-22 20:15:10
Updated 2021-07-23 19:11:27
View at NVD,   CVE.org
Vulnerability category: Memory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2021-0271

0.06%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 23 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-0271

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
3.3
LOW AV:A/AC:L/Au:N/C:N/I:N/A:P
6.5
2.9
NIST
6.5
MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.8
3.6
NIST
6.5
MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
2.8
3.6
Juniper Networks, Inc.

CWE ids for CVE-2021-0271

  • The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.
    Assigned by:
    • nvd@nist.gov (Primary)
    • sirt@juniper.net (Secondary)

References for CVE-2021-0271

  • https://kb.juniper.net/JSA11162
    2021-04 Security Bulletin: Junos OS: EX2200-C Series, EX3200 Series, EX3300 Series, EX4200 Series, EX4500 Series, EX4550 Series, EX6210 Series, EX8208 Series, EX8216 Series: Receipt of a crafted ARP p
    Vendor Advisory

Products affected by CVE-2021-0271

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!