How severe is CVE-2021-0270?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2021-0270?

This is classified as CWE-362, which is a common weakness in software security.

CVE-2021-0270

MEDIUM Year: 2021

CVSS v3 Score

5.9

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-362

View all →

Vulnerability Description

On PTX Series and QFX10k Series devices with the "inline-jflow" feature enabled, a use after free weakness in the Packet Forwarding Engine (PFE) microkernel architecture of Juniper Networks Junos OS may allow an attacker to cause a Denial of Service (DoS) condition whereby one or more Flexible PIC Concentrators (FPCs) may restart. As this is a race condition situation this issue become more likely to be hit when network instability occurs, such as but not limited to BGP/IGP reconvergences, and/or further likely to occur when more active "traffic flows" are occurring through the device. When this issue occurs, it will cause one or more FPCs to restart unexpectedly. During FPC restarts core files will be generated. While the core file is generated traffic will be disrupted. Sustained receipt of large traffic flows and reconvergence-like situations may sustain the Denial of Service (DoS) situation. This issue affects: Juniper Networks Junos OS: 18.1 version 18.1R2 and later versions prior to 18.1R3-S10 on PTX Series, QFX10K Series.

CVE-2007-4774

MEDIUM

CVSS:5.9(Medium)

The Linux kernel before 2.4.36-rc1 has a race condition. It was possible to bypass systrace policies by flooding the ptraced process with SIGCONT signals, which can can wake up a PTRACED process.

CWE-3622007

CVE-2010-0021

MEDIUM

CVSS:5.9(Medium)

Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to c...

CWE-3622010

CVE-2012-3552

MEDIUM

CVSS:5.9(Medium)

Race condition in the IP implementation in the Linux kernel before 3.0 might allow remote attackers to cause a denial of service (slab corruption and system crash) by sending packets to an application...

CWE-3622012

CVE-2014-0245

MEDIUM

CVSS:5.9(Medium)

It was found that the implementation of the GTNSubjectCreatingInterceptor class in gatein-wsrp was not thread safe. For a specific WSRP endpoint, under high-concurrency scenarios or scenarios where SO...

CWE-3622014

CVE-2015-6569

MEDIUM

CVSS:5.9(Medium)

Race condition in the LoadBalancer module in the Atlassian Floodlight Controller before 1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and thread crash) via a state...

CWE-3622015

CVE-2016-10027

MEDIUM

CVSS:5.9(Medium)

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of clear...

CWE-3622016

CVE-2021-0270

Vulnerability Description

Related Vulnerabilities

CVE-2007-4774

CVE-2010-0021

CVE-2012-3552

CVE-2014-0245

CVE-2015-6569

CVE-2016-10027