CVE-2025-21591 — Buffer Access with Incorrect Length Value in Networks Junos OS

CWE-805 — Buffer Access with Incorrect Length Value4 documents4 sources

Severity

7.1HIGHNVD

EPSS

0.1%

top 67.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 9

Description

A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an unauthenticated, adjacent, attacker to send a DHCP packet with a malformed DHCP option to cause jdhcp to crash creating a Denial of Service (DoS) condition. Continuous receipt of these DHCP packets using the malformed DHCP Option will create a sustained Denial of Service (DoS) condition. This issue affects Junos OS: * from 23.1 before 23.2R2-S…

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os23.1 — 23.2R2-S3+2

▶NVDjuniper/junos4 versions+3

🔴Vulnerability Details

CVEList

Junos OS: An unauthenticated adjacent attacker sending a malformed DHCP packet causes jdhcpd to crash↗2025-04-09

▶

GHSA

GHSA-6pgh-5wh4-5pph: A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an↗2025-04-09

▶

📋Vendor Advisories

Juniper

CVE-2025-21591: A Buffer Access with Incorrect Length Value vulnerability in the jdhcpd daemon of Juniper Networks Junos OS, when DHCP snooping is enabled, allows an↗2025-04-09

▶