8.7

CVE-2025-52980

A Use of Incorrect Byte Ordering 

vulnerability 

in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).



When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.

This issue affects eBGP and iBGP over IPv4 and IPv6.



This issue affects:

Junos OS:



  *  22.1 versions from 22.1R1 before 22.2R3-S4,
  *  22.3 versions before 22.3R3-S3,
  *  22.4 versions before 22.4R3-S2,
  *  23.2 versions before 23.2R2,
  *  23.4 versions before 23.4R2.
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version22.1 Updater1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater1-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater1-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater2-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater2-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater3
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater3-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater3-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.1 Updater3-s3
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Update-
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater1-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater1-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater2-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater2-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater3
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater3-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.3 Updater3-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Update-
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Updater1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Updater1-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Updater1-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Updater2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Updater2-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Updater2-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Updater3
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version22.4 Updater3-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version23.2 Update-
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version23.2 Updater1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version23.2 Updater1-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version23.2 Updater1-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version23.4 Update-
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version23.4 Updater1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version23.4 Updater1-s1
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
JuniperJunos Version23.4 Updater1-s2
   JuniperSrx300 Version-
   JuniperSrx320 Version-
   JuniperSrx340 Version-
   JuniperSrx345 Version-
   JuniperSrx380 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.07% 0.201
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
sirt@juniper.net 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-198 Use of Incorrect Byte Ordering

The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.