Executive Summary



This vulnerability is currently undergoing analysis and not all information is available. Please check back soon to view the completed vulnerability summary
Informations
Name CVE-2025-21599 First vendor Publication 2025-01-09
Vendor Cve Last vendor Modification 2025-01-09

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 7.5
Base Score 7.5 Environmental Score 7.5
impact SubScore 3.6 Temporal Score 7.5
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

AÂ Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service.Â

Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS). Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition. This issue only affects systems configured with IPv6.

This issue affects Junos OS Evolved:Â

* from 22.4-EVO before 22.4R3-S5-EVO,Â
* from 23.2-EVO before 23.2R2-S2-EVO,Â
* from 23.4-EVO before 23.4R2-S2-EVO,Â
* from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.

This issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21599

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

Sources (Detail)

https://supportportal.juniper.net/JSA92869
Source Url

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2025-01-09 21:20:27
  • First insertion