Use-After-Free in Junos OS Evolved PFE causing DoS on PTX series
CVE-2023-36833 Published on July 14, 2023
Junos OS Evolved: PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202: The aftman-bt process will crash in a MoFRR scenario after multiple link flaps
A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).
The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. The respective FPC then stops forwarding traffic and must be rebooted to restore service.
An indication that the system experienced this issue is the following log message:
<date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes
This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:
21.2 version 21.2R1-EVO and later versions;
21.3 version 21.3R1-EVO and later versions;
21.4 versions prior to 21.4R3-S3-EVO;
22.1 version 22.1R1-EVO and later versions;
22.2 versions prior to 22.2R3-S2-EVO;
22.3 versions prior to 22.3R3-EVO;
22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.
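An added example (not Juniper's or this page's code): a Python check that classifies a Junos OS Evolved release string against the fixed releases listed above and scans syslog lines for the indicator message. The release-string shape, the function names and the sample log lines are assumptions; the check covers the release only, not the platform or line-card condition.

```python
import re

# Fixed releases per train, taken from the advisory text above. None means the
# page lists no fixed release for that train (every release is affected).
FIXED = {
    "21.2": None,
    "21.3": None,
    "21.4": (3, 3),   # 21.4R3-S3-EVO
    "22.1": None,
    "22.2": (3, 2),   # 22.2R3-S2-EVO
    "22.3": (3, 0),   # 22.3R3-EVO
    "22.4": (1, 2),   # 22.4R1-S2-EVO; 22.4R2-EVO sorts after it
}

# Assumed release-string shape: <train>R<n>[-S<n>][.<build>]-EVO
VERSION_RE = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?-EVO$")

# Indicator from the advisory; the elided middle ("...") is matched loosely.
INDICATOR_RE = re.compile(
    r"evo-aftmand-bt\[(\d+)\]: \[Error\] jexpr_fdb: sanity check failed,"
    r".*app_name L3 Mcast Routes"
)

def is_affected(version):
    """True/False for a listed train, None if the string or train is unknown."""
    m = VERSION_RE.match(version.strip())
    if not m or m.group(1) not in FIXED:
        return None
    fixed = FIXED[m.group(1)]
    if fixed is None:
        return True
    # Compare (R number, S number) against the first fixed release.
    return (int(m.group(2)), int(m.group(3) or 0)) < fixed

def find_indicator(lines):
    """Return (line_number, pid) for each syslog line matching the indicator."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = INDICATOR_RE.search(line)
        if m:
            hits.append((n, int(m.group(1))))
    return hits

# Constructed sample lines: date, hostname, pid and the <elided> field are made up.
SAMPLE_LOG = [
    "Jul 14 10:01:02 ptx-lab evo-aftmand-bt[4321]: [Info] interface state change",
    "Jul 14 10:01:09 ptx-lab evo-aftmand-bt[4321]: [Error] jexpr_fdb: "
    "sanity check failed, <elided> , app_name L3 Mcast Routes",
]
```

A result of None from is_affected means the release string did not parse or its train is not listed on this page, so it needs a manual check against the vendor advisory.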
Vulnerability Analysis
Weakness Type
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2023-36833 has been classified as a Dangling pointer vulnerability or weakness.
Products Associated with CVE-2023-36833
Affected Versions
Juniper Networks Junos OS Evolved:
- Version 21.2 and below 21.2* is affected.
- Version 21.3 and below 21.3* is affected.
- Version 21.4 and below 21.4R3-S3-EVO is affected.
- Version 22.1 and below 22.1* is affected.
- Version 22.2 and below 22.2R3-S2-EVO is affected.
- Version 22.3 and below 22.3R3-EVO is affected.
- Version 22.4 and below 22.4R1-S2-EVO, 22.4R2-EVO is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.