8.7

CVE-2025-52980

A Use of Incorrect Byte Ordering 

vulnerability 

in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS on SRX300 Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).



When a BGP update is received over an established BGP session which contains a specific, valid, optional, transitive path attribute, rpd will crash and restart.

This issue affects eBGP and iBGP over IPv4 and IPv6.



This issue affects:

Junos OS:



  *  22.1 versions from 22.1R1 before 22.2R3-S4,
  *  22.3 versions before 22.3R3-S3,
  *  22.4 versions before 22.4R3-S2,
  *  23.2 versions before 23.2R2,
  *  23.4 versions before 23.4R2.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerJuniper Networks
Produkt Junos OS
Default Statusunaffected
Version < 22.2R3-S4
Version 22.2
Status affected
Version < 22.3R3-S3
Version 22.3
Status affected
Version < 22.4R3-S2
Version 22.4
Status affected
Version < 23.2R2
Version 23.2
Status affected
Version < 23.4R2
Version 23.4
Status affected
Version < 22.1R1
Version 0
Status unaffected
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.06% 0.189
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
sirt@juniper.net 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:X/RE:M/U:X
CWE-198 Use of Incorrect Byte Ordering

The product receives input from an upstream component, but it does not account for byte ordering (e.g. big-endian and little-endian) when processing the input, causing an incorrect number or value to be used.