ID

VAR-202107-0493


CVE

CVE-2021-0282


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

On Juniper Networks Junos OS devices with the Multipath or add-path feature enabled, processing a specific BGP UPDATE can lead to a routing process daemon (RPD) crash and restart, causing a Denial of Service (DoS). Continued receipt and processing of this UPDATE message will create a sustained Denial of Service (DoS) condition. This BGP UPDATE message can propagate to other BGP peers with vulnerable Junos versions on which the Multipath or add-path feature is enabled, and cause RPD to crash and restart. This issue affects both IBGP and EBGP deployments in IPv4 or IPv6 networks. Junos OS devices that do not have the BGP Multipath or add-path feature enabled are not affected by this issue. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S18; 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S11; 17.4 versions prior to 17.4R2-S13, 17.4R3-S4; 18.1 versions prior to 18.1R3-S12; 18.2 versions prior to 18.2R3-S7; 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R2-S6, 18.4R3-S6; 19.1 versions prior to 19.1R3-S3;. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Juniper Networks Junos OS is a network operating system from Juniper Networks dedicated to the company's hardware equipment. The operating system provides a secure programming interface and Junos SDK. No detailed vulnerability details were provided at this time.

Trust: 1.62

sources: NVD: CVE-2021-0282 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372184 // VULMON: CVE-2021-0282

AFFECTED PRODUCTS

vendor: juniper, model: junos, scope: eq, version: 17.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 17.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 15.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.2

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 19.1

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 12.3

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.4

Trust: 1.0

vendor: juniper, model: junos, scope: eq, version: 18.3

Trust: 1.0

sources: NVD: CVE-2021-0282

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-0282
value: HIGH

Trust: 1.0

sirt@juniper.net: CVE-2021-0282
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-994
value: HIGH

Trust: 0.6

VULHUB: VHN-372184
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-0282
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-372184
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

sirt@juniper.net: CVE-2021-0282
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372184 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-994 // NVD: CVE-2021-0282 // NVD: CVE-2021-0282

PROBLEMTYPE DATA

problemtype:CWE-754

Trust: 1.1

sources: VULHUB: VHN-372184 // NVD: CVE-2021-0282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-994

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

EXTERNAL IDS

db: NVD, id: CVE-2021-0282

Trust: 1.8

db: JUNIPER, id: JSA11186

Trust: 1.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.2392

Trust: 0.6

db: CS-HELP, id: SB2021071917

Trust: 0.6

db: CNNVD, id: CNNVD-202107-994

Trust: 0.6

db: CNVD, id: CNVD-2021-51482

Trust: 0.1

db: VULHUB, id: VHN-372184

Trust: 0.1

db: VULMON, id: CVE-2021-0282

Trust: 0.1

sources: VULHUB: VHN-372184 // VULMON: CVE-2021-0282 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-994 // NVD: CVE-2021-0282

REFERENCES

url:https://kb.juniper.net/jsa11186

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35897

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2392

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071917

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-0282

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372184 // VULMON: CVE-2021-0282 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-994 // NVD: CVE-2021-0282

SOURCES

db: VULHUB, id: VHN-372184
db: VULMON, id: CVE-2021-0282
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-994
db: NVD, id: CVE-2021-0282

LAST UPDATE DATE

2024-08-14T13:07:56.683000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-372184, date: 2021-07-27T00:00:00
db: VULMON, id: CVE-2021-0282, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-994, date: 2021-08-25T00:00:00
db: NVD, id: CVE-2021-0282, date: 2021-07-27T19:07:26.877

SOURCES RELEASE DATE

db: VULHUB, id: VHN-372184, date: 2021-07-15T00:00:00
db: VULMON, id: CVE-2021-0282, date: 2021-07-15T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-994, date: 2021-07-14T00:00:00
db: NVD, id: CVE-2021-0282, date: 2021-07-15T20:15:09.960