Sign-up

ID

VAR-202107-0516


CVE

CVE-2021-0293


TITLE

Pillow Buffer error vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

DESCRIPTION

A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. The amount of memory leaked on each execution depends on the number of TCP connections from and to the system. Repeated execution will cause more memory to leak and eventually daemons that need to allocate additionally memory and ultimately the kernel to crash, which will result in traffic loss. Continued execution of this command will cause a sustained Denial of Service (DoS) condition. An administrator can use the following CLI command to monitor for increase in memory consumption of the netstat process, if it exists: user@junos> show system processes extensive | match "username|netstat" PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 21181 root 100 0 5458M 4913M CPU3 2 0:59 97.27% netstat The following log message might be observed if this issue happens: kernel: %KERN-3: pid 21181 (netstat), uid 0, was killed: out of swap space This issue affects Juniper Networks Junos OS 18.2 versions prior to 18.2R2-S8, 18.2R3-S7. 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R1-S8, 18.4R2-S6, 18.4R3-S7; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S4; 19.2 versions prior to 19.2R1-S6, 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S1; 19.4 versions prior to 19.4R1-S4, 19.4R2-S3, 19.4R3-S1; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2-S1, 20.2R3; 20.3 versions prior to 20.3R1-S1, 20.3R2; This issue does not affect Juniper Networks Junos OS versions prior to 18.2R1. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 1.62

sources: NVD: CVE-2021-0293 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-372195 // VULMON: CVE-2021-0293

AFFECTED PRODUCTS

vendor:junipermodel:junosscope:eqversion:20.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.2

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.1

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:19.4

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:20.3

Trust: 1.0

vendor:junipermodel:junosscope:eqversion:18.4

Trust: 1.0

sources: NVD: CVE-2021-0293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-0293
value: LOW

Trust: 1.0

sirt@juniper.net: CVE-2021-0293
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1003
value: MEDIUM

Trust: 0.6

VULHUB: VHN-372195
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-0293
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-372195
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sirt@juniper.net: CVE-2021-0293
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-372195 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1003 // NVD: CVE-2021-0293 // NVD: CVE-2021-0293

PROBLEMTYPE DATA

problemtype:CWE-401

Trust: 1.1

sources: VULHUB: VHN-372195 // NVD: CVE-2021-0293

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1003

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1003

EXTERNAL IDS

db:NVDid:CVE-2021-0293

Trust: 1.8

db:JUNIPERid:JSA11195

Trust: 1.8

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021071523

Trust: 0.6

db:CNNVDid:CNNVD-202107-1003

Trust: 0.6

db:VULHUBid:VHN-372195

Trust: 0.1

db:VULMONid:CVE-2021-0293

Trust: 0.1

sources: VULHUB: VHN-372195 // VULMON: CVE-2021-0293 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1003 // NVD: CVE-2021-0293

REFERENCES

url:https://kb.juniper.net/jsa11195

Trust: 1.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021071523

Trust: 0.6

url:https://vigilance.fr/vulnerability/junos-os-multiple-vulnerabilities-35897

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-0293

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-372195 // VULMON: CVE-2021-0293 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1003 // NVD: CVE-2021-0293

SOURCES

db:VULHUBid:VHN-372195
db:VULMONid:CVE-2021-0293
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-1003
db:NVDid:CVE-2021-0293

LAST UPDATE DATE

2024-08-14T12:57:03.457000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-372195date:2021-07-29T00:00:00
db:VULMONid:CVE-2021-0293date:2021-07-15T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-1003date:2021-08-24T00:00:00
db:NVDid:CVE-2021-0293date:2021-07-29T15:39:51.927

SOURCES RELEASE DATE

db:VULHUBid:VHN-372195date:2021-07-15T00:00:00
db:VULMONid:CVE-2021-0293date:2021-07-15T00:00:00
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-1003date:2021-07-14T00:00:00
db:NVDid:CVE-2021-0293date:2021-07-15T20:15:11.177