8.7
CVE-2025-21599
- EPSS 0.59%
- Veröffentlicht 09.01.2025 17:15:18
- Zuletzt bearbeitet 26.01.2026 19:34:46
- Quelle sirt@juniper.net
- CVE-Watchlists
- Unerledigt
Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS). Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition. This issue only affects systems configured with IPv6. This issue affects Junos OS Evolved: * from 22.4-EVO before 22.4R3-S5-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-S2-EVO, * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Juniper ≫ Junos Os Evolved Version22.4 Update-
Juniper ≫ Junos Os Evolved Version22.4 Updater1
Juniper ≫ Junos Os Evolved Version22.4 Updater1-s1
Juniper ≫ Junos Os Evolved Version22.4 Updater1-s2
Juniper ≫ Junos Os Evolved Version22.4 Updater2
Juniper ≫ Junos Os Evolved Version22.4 Updater2-s1
Juniper ≫ Junos Os Evolved Version22.4 Updater2-s2
Juniper ≫ Junos Os Evolved Version22.4 Updater3
Juniper ≫ Junos Os Evolved Version22.4 Updater3-s1
Juniper ≫ Junos Os Evolved Version22.4 Updater3-s2
Juniper ≫ Junos Os Evolved Version22.4 Updater3-s3
Juniper ≫ Junos Os Evolved Version22.4 Updater3-s4
Juniper ≫ Junos Os Evolved Version23.2 Update-
Juniper ≫ Junos Os Evolved Version23.2 Updater1
Juniper ≫ Junos Os Evolved Version23.2 Updater1-s1
Juniper ≫ Junos Os Evolved Version23.2 Updater1-s2
Juniper ≫ Junos Os Evolved Version23.2 Updater2
Juniper ≫ Junos Os Evolved Version23.2 Updater2-s1
Juniper ≫ Junos Os Evolved Version23.4 Update-
Juniper ≫ Junos Os Evolved Version23.4 Updater1
Juniper ≫ Junos Os Evolved Version23.4 Updater1-s1
Juniper ≫ Junos Os Evolved Version23.4 Updater1-s2
Juniper ≫ Junos Os Evolved Version23.4 Updater2
Juniper ≫ Junos Os Evolved Version23.4 Updater2-s1
Juniper ≫ Junos Os Evolved Version24.2 Update-
Juniper ≫ Junos Os Evolved Version24.2 Updater1
Juniper ≫ Junos Os Evolved Version24.2 Updater2
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.59% | 0.434 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| sirt@juniper.net | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| sirt@juniper.net | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://supportportal.juniper.net/JSA92869