ghsa-7fvw-hrgg-4cr6
Vulnerability from github
Published
2025-04-09 21:31
Modified
2025-04-09 21:31
Severity ?
6.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
Details

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).

On all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.

This issue does not affect MX Series platforms. Heap size growth on FPC can be seen using below command.

user@host> show chassis fpc                     Temp CPU Utilization (%) CPU Utilization (%) Memory   Utilization (%) Slot State           (C) Total Interrupt     1min   5min   15min   DRAM (MB)   Heap   Buffer   0 Online           45     3         0       2       2      2       32768      19       0 <<<<<<< Heap increase in all fPCs

This issue affects Junos OS:

  • All versions before 21.2R3-S7,
  • 21.4 versions before 21.4R3-S4,
  • 22.2 versions before 22.2R3-S1, 
  • 22.3 versions before 22.3R3-S1, 
  • 22.4 versions before 22.4R2-S2, 22.4R3.

and Junos OS Evolved:

  • All versions before 21.2R3-S7-EVO,
  • 21.4-EVO versions before 21.4R3-S4-EVO,
  • 22.2-EVO versions before 22.2R3-S1-EVO, 

  • 22.3-EVO versions before 22.3R3-S1-EVO, 

  • 22.4-EVO versions before 22.4R3-EVO.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2025-21595"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-401"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-04-09T20:15:25Z",
    "severity": "HIGH"
  },
  "details": "A Missing Release of Memory after Effective Lifetime\u00a0vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause an FPC to crash, leading to Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, in an EVPN-VXLAN scenario, when specific ARP packets are received on an IPv4 network, or specific NDP packets are received on an IPv6 network, kernel heap memory leaks, which eventually leads to an FPC crash and restart.\n\nThis issue does not affect MX Series platforms.\nHeap size growth on FPC can be seen using below command.\n\n\nuser@host\u003e show chassis fpc\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp CPU Utilization (%) CPU Utilization (%) Memory \u00a0 Utilization (%)\nSlot State \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 (C) Total Interrupt \u00a0 \u00a0 1min \u00a0 5min \u00a0 15min \u00a0 DRAM (MB) \u00a0 Heap \u00a0 Buffer\n\u00a0 0 Online \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 45 \u00a0 \u00a0 3 \u00a0 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a0 2 \u00a0 \u00a0 \u00a02 \u00a0 \u00a0 \u00a0 32768 \u00a0 \u00a0 \u00a019\u00a0 \u00a0 \u00a0 \u00a00\u2003\u003c\u003c\u003c\u003c\u003c\u003c\u003c Heap increase in all fPCs\n\n\nThis issue affects Junos OS:\n\n  *  All versions before 21.2R3-S7,\n  *  21.4 versions before 21.4R3-S4,\n  *  22.2 versions before 22.2R3-S1,\u00a0\n  *  22.3 versions before 22.3R3-S1,\u00a0\n  *  22.4 versions before 22.4R2-S2, 22.4R3.\n\n\nand Junos OS Evolved:\n\n  *  All versions before 21.2R3-S7-EVO,\n  *  21.4-EVO versions before 21.4R3-S4-EVO,\n  *  22.2-EVO versions before 22.2R3-S1-EVO,\u00a0\n  *  22.3-EVO versions before 22.3R3-S1-EVO,\u00a0\n\n  *  22.4-EVO versions before 22.4R3-EVO.",
  "id": "GHSA-7fvw-hrgg-4cr6",
  "modified": "2025-04-09T21:31:43Z",
  "published": "2025-04-09T21:31:42Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-21595"
    },
    {
      "type": "WEB",
      "url": "https://supportportal.juniper.net/JSA96450"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.