CVE-2025-21599: Missing Release of Memory after Effective Lifetime in Networks Junos OS Evolved

Severity
8.7 HIGH (NVD)
EPSS
0.3%
top 43.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 9

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS). Continuous receipt and processing of these packets will continue to exhaust kernel memo

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os_evolved 22.4-EVO 22.4R3-S5-EVO +3
NVD: juniper/junos_os_evolved 4 versions +3

🔴 Vulnerability Details (2)

CVEList
Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion leading to Denial of Service (2025-01-09)
GHSA
GHSA-p34f-rw7f-c723: A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an u (2025-01-09)

📋 Vendor Advisories (1)

Juniper
CVE-2025-21599: A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an u (2025-01-09)