ГлавнаяУязвимости → CVE-2026-21918
7.5высокая

CVE-2026-21918

→ есть в БДУ: BDU:2026-00458 (на русском)
Описание (на английском; русское — в БДУ выше)

A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart. This issue affects Junos OS on SRX and MX Series: * all versions before 22.4R3-S7, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2.

Затрагиваемое ПО
Juniper JunosJuniper Mx10004Juniper Mx10008Juniper Mx2008Juniper Mx2010Juniper Mx2020Juniper Mx204Juniper Mx240Juniper Mx304Juniper Mx480Juniper Mx960Juniper Srx1500Juniper Srx1600Juniper Srx2300Juniper Srx300Juniper Srx320Juniper Srx340Juniper Srx345Juniper Srx380Juniper Srx4100Juniper Srx4120Juniper Srx4200Juniper Srx4300Juniper Srx4600Juniper Srx4700
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Источники
https://kb.juniper.net/JSA106018https://supportportal.juniper.net/JSA106018