Juniper Networks Junos OS
cpe:2.3:a:juniper:junos:*:*:*:*:*:*:*, +2 more
- < 21.2R3-S9
- >= 21.4, < 21.5
- >= 22.2, < 22.3
- >= 22.4, < 22.4R3-S7
- >= 23.2, < 23.2R2-S3
- >= 23.4, < 23.4R2-S4
- >= 24.2, < 24.2R2
A vulnerability has been identified in Juniper Networks Junos OS routing protocol daemon (RPD) due to an incorrect calculation of buffer size. This flaw allows an adjacent unauthenticated attacker to cause memory corruption, leading to a crash of the RPD process. The issue arises when a logical interface using a routing instance experiences continuous flaps, prompting specific updates to be sent to the Jflow/Sflow modules. This sequence results in memory corruption, causing RPD to crash and restart. The ongoing receipt of these updates can create a sustained denial-of-service condition.
Exploitation of this vulnerability causes the RPD process to crash and restart, leading to a continuous denial-of-service condition on the affected device.
Users can upgrade to Junos OS versions 21.2R3-S9, 22.4R3-S7, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, or any subsequent release to address this vulnerability.
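An added example, not part of the original advisory or any Juniper tooling: a Python check that parses a Junos OS release string and tests it against the affected ranges listed above. It assumes standard `R`/`-S` release strings (other release types are rejected rather than guessed), and the function names and sample inventory are constructed for illustration.

```python
import re

# Affected ranges copied from the list above:
# (inclusive lower bound or None, exclusive upper bound).
AFFECTED = [
    (None, "21.2R3-S9"),
    ("21.4", "21.5"),
    ("22.2", "22.3"),
    ("22.4", "22.4R3-S7"),
    ("23.2", "23.2R2-S3"),
    ("23.4", "23.4R2-S4"),
    ("24.2", "24.2R2"),
]

# Assumption: YY.N[R<n>][-S<n>][.<build>]; the trailing build spin is ignored.
_VERSION = re.compile(r"^(\d+)\.(\d+)(?:R(\d+))?(?:-S(\d+))?(?:\.\d+)?$")


def parse_junos(version):
    """Return (major, minor, R, S) so releases compare as tuples."""
    m = _VERSION.match(version.strip())
    if not m:
        # X/F/EVO-style strings need separate handling; fail loudly.
        raise ValueError("unsupported Junos version string: %r" % version)
    return tuple(int(g) if g else 0 for g in m.groups())


def is_affected(version):
    """True if the release falls inside any affected range on this page."""
    v = parse_junos(version)
    for low, high in AFFECTED:
        if (low is None or parse_junos(low) <= v) and v < parse_junos(high):
            return True
    return False


if __name__ == "__main__":
    # Constructed inventory: hostname -> version as reported by the device.
    inventory = {
        "edge-rtr-01": "21.4R3-S10",
        "edge-rtr-02": "22.4R3-S7",
        "core-rtr-01": "23.4R2-S3.2",
        "core-rtr-02": "24.4R1",
    }
    for host, ver in sorted(inventory.items()):
        status = "AFFECTED, upgrade" if is_affected(ver) else "not in affected ranges"
        print("%-12s %-14s %s" % (host, ver, status))
```

A release that is not in any listed range (for example 22.3R1) is reported as not affected because the check mirrors only the ranges on this page.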