How severe is CVE-2024-39538?

This vulnerability has a severity rating of HIGH with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2024-39538?

This is classified as CWE-120, which is a common weakness in software security.

CVE-2024-39538 - HIGH Severity | CVSS 6.5

Vulnerability Description

A Buffer Copy without Checking Size of Input vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved on ACX7000 Series allows an unauthenticated, adjacent attacker to cause a Denial-of-Service (DoS).When multicast traffic with a specific, valid (S,G) is received, evo-pfemand crashes which leads to an outage of the affected FPC until it is manually recovered. This issue affects Junos OS Evolved on ACX7000 Series: * All versions before 21.2R3-S8-EVO, * 21.4-EVO versions before 21.4R3-S7-EVO, * 22.2-EVO versions before 22.2R3-S4-EVO, * 22.3-EVO versions before 22.3R3-S3-EVO, * 22.4-EVO versions before 22.4R3-S2-EVO, * 23.2-EVO versions before 23.2R2-EVO, * 23.4-EVO versions before 23.4R1-S2-EVO, 23.4R2-EVO.

Related Vulnerabilities

CVE-2014-1617

MEDIUM

CVSS:6.5(Medium)

Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service.

CWE-1202014

CVE-2015-5745

MEDIUM

CVSS:6.5(Medium)

Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control m...

CWE-1202015

CVE-2017-2633

MEDIUM

CVSS:6.5(Medium)

An out-of-bounds memory access issue was found in Quick Emulator (QEMU) before 1.7.2 in the VNC display driver. This flaw could occur while refreshing the VNC display surface area in the 'vnc_refresh_...

CWE-1202017

CVE-2018-14652

MEDIUM

CVSS:6.5(Medium)

The Gluster file system through versions 3.12 and 4.1.4 is vulnerable to a buffer overflow in the 'features/index' translator via the code handling the 'GF_XATTR_CLRLK_CMD' xattr in the 'pl_getxattr' ...

CWE-1202018

CVE-2019-16336

MEDIUM

CVSS:6.5(Medium)

The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE component 3.61 and earlier processes data channel frames with a payload length larger than the configured link layer maximum RX payload si...

CWE-1202019

CVE-2019-17060

MEDIUM

CVSS:6.5(Medium)

The Bluetooth Low Energy (BLE) stack implementation on the NXP KW41Z (based on the MCUXpresso SDK with Bluetooth Low Energy Driver 2.2.1 and earlier) does not properly restrict the BLE Link Layer head...

CWE-1202019