Juniper Networks Junos OS Evolved
cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*
- >= 22.4-EVO, < 22.4R3-S5-EVO
- >= 23.2-EVO, < 23.2R2-S2-EVO
- >= 23.4-EVO, < 23.4R2-S2-EVO
- >= 24.2-EVO, < 24.2R1-S2-EVO
- 24.2R2-EVO
A denial-of-service vulnerability has been identified in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved. The flaw is a missing release of memory after its effective lifetime: when specifically malformed IPv6 packets are received and processed by the device, kernel memory is not released and is eventually exhausted. This allows an unauthenticated, network-based attacker to crash the system, resulting in a sustained denial-of-service condition. Systems configured with IPv6 are affected. The vulnerability impacts Junos OS Evolved versions from 22.4-EVO prior to 22.4R3-S5-EVO, from 23.2-EVO prior to 23.2R2-S2-EVO, from 23.4-EVO prior to 23.4R2-S2-EVO, and from 24.2-EVO prior to 24.2R1-S2-EVO, as well as 24.2R2-EVO. Systems running versions prior to 22.4R1-EVO are not affected.
Exploitation of this vulnerability leads to memory exhaustion in the kernel, causing a system crash and a denial-of-service condition. Continuous processing of the malformed IPv6 packets can sustain this denial-of-service state.
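To check a device inventory against the version ranges listed above, the following is an added example (not Juniper's or this page's own code). It assumes version strings of the form `YY.N[R<n>[.build]][-S<n>[.build]]-EVO` with build numbers ignored; the hostnames are constructed, and a "not_listed" result only means the release is not named on this page.

```python
import re

# Ranges from the version list above: (first affected, first fixed release).
AFFECTED_RANGES = [
    ("22.4-EVO", "22.4R3-S5-EVO"),
    ("23.2-EVO", "23.2R2-S2-EVO"),
    ("23.4-EVO", "23.4R2-S2-EVO"),
    ("24.2-EVO", "24.2R1-S2-EVO"),
]
AFFECTED_EXACT = ["24.2R2-EVO"]  # listed on its own, outside the ranges

# Assumption: YY.N[R<n>[.build]][-S<n>[.build]]-EVO; build numbers are ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:R(\d+)(?:\.\d+)?(?:-S(\d+)(?:\.\d+)?)?)?-EVO$")


def parse_evo(version):
    """Return (major, minor, R, S); a missing R or S part counts as 0."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"not a Junos OS Evolved version string: {version!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_affected(version):
    """True if the version falls in a listed range or equals a listed release."""
    key = parse_evo(version)
    if any(key == parse_evo(v) for v in AFFECTED_EXACT):
        return True
    return any(parse_evo(lo) <= key < parse_evo(hi) for lo, hi in AFFECTED_RANGES)


def triage(inventory):
    """Split {hostname: version} into affected / not_listed / unparsed host lists."""
    result = {"affected": [], "not_listed": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            bucket = "affected" if is_affected(version) else "not_listed"
        except ValueError:
            bucket = "unparsed"  # e.g. classic Junos OS strings without -EVO
        result[bucket].append(host)
    return result


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are sample values.
    sample = {"edge-1": "22.4R3-S4.2-EVO", "edge-2": "23.2R2-S2-EVO",
              "core-1": "24.2R2-EVO", "lab-1": "22.4R3-S5"}
    print(triage(sample))
```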