{"vulnerability": "CVE-2024-39516", "sightings": [{"uuid": "9bdee3c8-3b00-457b-aa7e-3b8318bf7282", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113799443721205801", "content": "", "creation_timestamp": "2025-01-09T16:55:09.923020Z"}, {"uuid": "522aef5d-8a07-4098-97e5-e1407092a16a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/991", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-21600\n\ud83d\udd39 Description: An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n      either of two ways:\n\n    \n    \n        *  systems with BGP traceoptions enabled\n\n        *  systems with BGP family traffic-engineering (BGP-LS)\n          configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n  *  All versions before 21.4R3-S9,\u00a0\n  *  from 22.2 before 22.2R3-S5,\u00a0\n  *  from 22.3 before 22.3R3-S4,\u00a0\n  *  from 22.4 before 22.4R3-S5,\u00a0\n  *  from 23.2 before 23.2R2-S3,\u00a0\n  *  from 23.4 before 23.4R2-S3,\u00a0\n  *  from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n  *  All versions before 21.4R3-S9-EVO,\u00a0\n  *  from 22.2 before 22.2R3-S5-EVO,\u00a0\n  *  from 22.3 before 22.3R3-S4-EVO,\u00a0\n  *  from 22.4 before 22.4R3-S5-EVO,\u00a0\n  *  from 23.2 before 23.2R2-S3-EVO,\u00a0\n  *  from 23.4 before 23.4R2-S2-EVO,\u00a0\n  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516.\n\ud83d\udccf Published: 2025-01-09T16:49:42.367Z\n\ud83d\udccf Modified: 2025-01-09T16:49:42.367Z\n\ud83d\udd17 References:\n1. https://supportportal.juniper.net/JSA92870", "creation_timestamp": "2025-01-09T17:19:54.000000Z"}, {"uuid": "3950b844-03ab-4ad6-bc20-dedd5c6a0ad9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "https://t.me/cvedetector/7532", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-39516 - Juniper Networks Junos OS and Junos OS Evolved BGP Routing Protocol Daemon OOB Read Vulnerability\", \n  \"Content\": \"CVE ID : CVE-2024-39516 \nPublished : Oct. 9, 2024, 8:15 p.m. | 44\u00a0minutes ago \nDescription : An Out-of-Bounds Read vulnerability in  \n  \nthe routing protocol daemon (rpd) of   \n  \n Juniper Networks Junos OS and Junos OS Evolved\u00a0allows an unauthenticated network-based attacker sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.  \n  \nThis issue\u00a0requires a BGP session to be already established.\u00a0\u00a0Only systems with segment routing enabled are vulnerable to this issue.  \n  \n  \n  \nThis issue affects iBGP and eBGP with   \n  \nany address family  \n  \n configured.  \n  \nThis issue affects:  \n  \nJunos OS:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S8,  \n  *  22.2 before 22.2R3-S5,\u00a0  \n  *  22.3 before 22.3R3-S4,\u00a0  \n  *  22.4 before 22.4R3-S3,\u00a0  \n  *  23.2 before 23.2R2-S2,\u00a0  \n  *  23.4 before 23.4R2;\u00a0  \n  \n  \n  \n  \nJunos OS Evolved:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S8-EVO,\u00a0  \n  *  22.2-EVO before 22.2R3-S5-EVO,\u00a0  \n  *  22.3-EVO before 22.3R3-S4-EVO,\u00a0  \n  *  22.4-EVO before 22.4R3-S3-EVO,\u00a0  \n  *  23.2-EVO before 23.2R2-S2-EVO,\u00a0  \n  *  23.4-EVO before 23.4R2-EVO. \nSeverity: 7.5 | HIGH \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Oct 2024\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2024-10-09T23:11:20.000000Z"}, {"uuid": "683930e2-0382-445e-8df7-281816284e25", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "Telegram/xMevvoDSNNsJlXZspG5SlPD3UI0rjKdwu57I9ZMvXptyVxcj", "content": "", "creation_timestamp": "2025-01-28T03:22:55.000000Z"}, {"uuid": "3857a87e-7442-4735-8a75-6c505597da6f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-39516", "type": "seen", "source": "https://t.me/cvedetector/14874", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2025-21600 - \"Juniper Networks Junos OS and Junos OS Evolved BGP Daemon OOB Read DoS\"\", \n  \"Content\": \"CVE ID : CVE-2025-21600 \nPublished : Jan. 9, 2025, 5:15 p.m. | 40\u00a0minutes ago \nDescription : An Out-of-Bounds Read vulnerability in  \n  \nthe routing protocol daemon (rpd) of   \n  \n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.  \n  \n  \n  \nThis issue only affects systems configured in  \n      either of two ways:  \n  \n      \n      \n        *  systems with BGP traceoptions enabled  \n  \n        *  systems with BGP family traffic-engineering (BGP-LS)  \n          configured  \n  \n  \n and can be exploited from a directly connected and configured BGP peer.\u00a0  \n  \nThis issue affects iBGP and eBGP   \n  \nwith   \n  \nany address family  \n  \n configured, and both IPv4 and IPv6 are affected by this vulnerability.  \n  \nThis issue affects:  \n  \nJunos OS:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S9,\u00a0  \n  *  from 22.2 before 22.2R3-S5,\u00a0  \n  *  from 22.3 before 22.3R3-S4,\u00a0  \n  *  from 22.4 before 22.4R3-S5,\u00a0  \n  *  from 23.2 before 23.2R2-S3,\u00a0  \n  *  from 23.4 before 23.4R2-S3,\u00a0  \n  *  from 24.2 before 24.2R1-S2, 24.2R2;\u00a0  \n  \n  \n  \n  \nJunos OS Evolved:\u00a0  \n  \n  \n  \n  *  All versions before 21.4R3-S9-EVO,\u00a0  \n  *  from 22.2 before 22.2R3-S5-EVO,\u00a0  \n  *  from 22.3 before 22.3R3-S4-EVO,\u00a0  \n  *  from 22.4 before 22.4R3-S5-EVO,\u00a0  \n  *  from 23.2 before 23.2R2-S3-EVO,\u00a0  \n  *  from 23.4 before 23.4R2-S2-EVO,\u00a0  \n  *  from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.  \n  \n  \n  \nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516. \nSeverity: 6.5 | MEDIUM \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"09 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-09T19:26:27.000000Z"}]}