Primary

Context

Juniper Networks Junos OS and Junos OS Evolved Double-Free Vulnerability in BGP Path Attribute Handling Leading to Denial-of-Service

Vulnerability

A double-free vulnerability has been identified in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows an attacker to send a malformed BGP Path attribute update, which is logged before the memory is freed. The improper handling of memory allocation and deallocation causes rpd to crash, resulting in a denial-of-service condition. This issue affects Junos OS versions from 22.4 prior to 22.4R3-S4 and Junos OS Evolved versions from 22.4 prior to 22.4R3-S4-EVO.

Impact

Exploitation of this vulnerability causes the routing process daemon (rpd) to crash, leading to a denial-of-service condition.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

5.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

6.8

impact

2.5

exploitability

5.9

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Juniper Networks Junos OS and Junos OS Evolved Double-Free Vulnerability in BGP Path Attribute Handling Leading to Denial-of-Service

Vulnerability

Impact

Affected Products

Juniper Networks Junos OS

Juniper Networks Junos OS Evolved

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating