Juniper Networks Junos OS Stack-Based Buffer Overflow Vulnerability in Packet Forwarding Engine Leading to Denial-of-Service

Vulnerability

A stack-based buffer overflow vulnerability has been identified in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS. This vulnerability allows a network-based attacker with low privileges to cause a denial-of-service (DoS) condition. The issue arises when subscribing to telemetry sensors at scale, causing all Flexible PIC Concentrator (FPC) connections to drop, which in turn leads to an FPC crash and restart. Notably, this problem was not observed when the YANG packages for the specific sensors were installed. The vulnerability affects all versions of Junos OS prior to 22.4R3-S7, as well as versions 23.2 prior to 23.2R2-S4 and 23.4 prior to 23.4R2. Devices are only exposed to this vulnerability if gRPC services are configured.

Impact

Exploitation of this vulnerability causes all FPC connections to drop, resulting in an FPC crash and restart.

Remediation

Users can upgrade to Junos OS versions 22.4R3-S7, 23.2R2-S4, 23.4R2, 24.2R1, or any subsequent release. This vulnerability is tracked as PR1811989.
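The affected ranges and fixed releases above, turned into an inventory check (an added example, not Juniper's code). It assumes version strings of the form YY.NRn[-Sm][.build] and a caller-supplied flag saying whether gRPC services are configured; release trains the advisory does not name are reported as unknown rather than guessed.

```python
import re

# First fixed release per train, from the advisory: train -> (R, S).
FIXED = {(22, 4): (3, 7), (23, 2): (2, 4), (23, 4): (2, 0)}
FIRST_CLEAN_TRAIN = (24, 2)  # 24.2R1 and subsequent releases carry the fix

# Assumed version shape: YY.NRn[-Sm][.build], e.g. "22.4R3-S7.2".
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version):
    """Return ((major, minor), (R, S)) or None if the string is not recognised."""
    m = _VER.match(version.strip())
    if not m:
        return None
    major, minor, r, s = m.groups()
    return (int(major), int(minor)), (int(r), int(s or 0))


def exposure(version, grpc_configured):
    """Classify a device as 'not-exposed', 'fixed', 'affected' or 'unknown'."""
    if not grpc_configured:
        return "not-exposed"      # advisory: exposed only with gRPC configured
    parsed = parse_junos(version)
    if parsed is None:
        return "unknown"          # e.g. X-train or Evolved naming
    train, rel = parsed
    if train >= FIRST_CLEAN_TRAIN:
        return "fixed"
    if train < (22, 4):
        return "affected"         # every release before 22.4R3-S7
    if train in FIXED:
        return "fixed" if rel >= FIXED[train] else "affected"
    return "unknown"              # train not named in the advisory


def triage(inventory):
    """Map hostname -> classification for (host, version, grpc) records."""
    return {host: exposure(ver, grpc) for host, ver, grpc in inventory}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("edge-1", "22.4R3-S6.1", True),
    ("edge-2", "23.2R2-S4.3", True),
    ("core-1", "21.4R3-S10", False),
    ("core-2", "23.4R1-S2", True),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```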

Added: Jan 15, 2026, 9:28 PM
Updated: Jan 15, 2026, 9:28 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 4.5
remediation: 7.7
relevance: 2.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.