cve/2024/CVE-2024-39529.md

### [CVE-2024-39529](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39529)
![](https://img.shields.io/static/v1?label=Product&message=Junos%20OS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=22.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=22.3%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=22.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=23.2%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-134%20Use%20of%20Externally-Controlled%20Format%20String&color=brightgreen)

### Description

A Use of Externally-Controlled Format String vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).If DNS Domain Generation Algorithm (DGA) detection or tunnel detection, and DNS-filtering traceoptions are configured, and specific valid transit DNS traffic is received this causes a PFE crash and restart, leading to a Denial of Service.This issue affects Junos OS:   *  All versions before 21.4R3-S6,  *  22.2 versions before 22.2R3-S3,  *  22.3 versions before 22.3R3-S3,  *  22.4 versions before 22.4R3,  *  23.2 versions before 23.2R2.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds