What is CVE-2023-36838?

CVE-2023-36838 is a medium-severity vulnerability in Juniper Csrx, classified under Out-of-bounds Read. CVSS score: 5.5/10. Published 2023-07-14.

How severe is CVE-2023-36838?

Medium severity. CVSS v3 base score is 5.5 out of 10.

Out-of-bounds Read in Juniper Csrx

CVE-2023-36838

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS). If a low privileged user…

Vulnerability class: Buffer Overflow

EPSS: 0.002 (7.1th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Juniper Csrx
Juniper Junos — versions 20.2, 20.3, 20.4
Juniper Srx100
Juniper Srx110
Juniper Srx1400
Juniper Srx1500
Juniper Srx210
Juniper Srx220
Juniper Srx240
Juniper Srx240h2

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

sirt@juniper.net (Vendor Advisory)

Frequently asked questions

What is CVE-2023-36838?: CVE-2023-36838 is a medium-severity vulnerability in Juniper Csrx, classified under Out-of-bounds Read. CVSS score: 5.5/10. Published 2023-07-14.
How severe is CVE-2023-36838?: Medium severity. CVSS v3 base score is 5.5 out of 10.