Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2026-AVI-0050
Vulnerability from certfr_avis - Published: 2026-01-15 - Updated: 2026-01-15
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS | Junos OS versions 23.4R2-x antérieures à 23.4R2-S6 | ||
| Juniper Networks | Junos Space | Policy Enforcer versions antérieures à 24.1R5 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.2R3-x antérieures à 22.2R3-S4-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 21.2R3-x antérieures à 21.2R3-S10 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.2R2-x antérieures à 24.2R2-S3-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2R2-x antérieures à 24.2R2-S3 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.4R3-x antérieures à 22.4R3-S9-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 25.2R1-x antérieures à 25.2R1-S2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 22.3R3-x antérieures à 22.3R3-S3-EVO | ||
| Juniper Networks | Policy Enforcer | Policy Enforcer versions antérieures à 24.1R3 | ||
| Juniper Networks | Junos OS | Junos OS versions 22.4R3-x antérieures à 22.4R3-S8 | ||
| Juniper Networks | Junos OS | Junos OS versions 24.2R1-x antérieures à 24.2R1-S2 | ||
| Juniper Networks | Junos OS | Junos OS versions 23.2R2-x antérieures à 23.2R2-S5 | ||
| Juniper Networks | Junos OS | Junos OS versions 24.4R2-x antérieures à 24.4R2-S2 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 21.4R3-x antérieures à 21.4R3-S7-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 22.2R3-x antérieures à 22.2R3-S7 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.2R2-x antérieures à 23.2R2-S5-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 24.4R1-x antérieures à 24.4R1-S3 | ||
| Juniper Networks | Junos OS | Junos OS versions 21.4R3-x antérieures à 21.4R3-S12 | ||
| Juniper Networks | Junos OS | Junos OS versions 22.3R3-x antérieures à 22.3R3-S4 | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 24.4R2-x antérieures à 24.4R2-S1-EVO | ||
| Juniper Networks | Junos OS Evolved | Junos OS Evolved versions 23.4R2-x antérieures à 23.4R2-S6-EVO | ||
| Juniper Networks | Junos OS | Junos OS versions 23.4R1-x antérieures à 23.4R1-S2 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Junos OS versions 23.4R2-x ant\u00e9rieures \u00e0 23.4R2-S6",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Policy Enforcer versions ant\u00e9rieures \u00e0 24.1R5",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.2R3-x ant\u00e9rieures \u00e0 22.2R3-S4-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.2R3-x ant\u00e9rieures \u00e0 21.2R3-S10",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.2R2-x ant\u00e9rieures \u00e0 24.2R2-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2R2-x ant\u00e9rieures \u00e0 24.2R2-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.4R3-x ant\u00e9rieures \u00e0 22.4R3-S9-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 25.2R1-x ant\u00e9rieures \u00e0 25.2R1-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 22.3R3-x ant\u00e9rieures \u00e0 22.3R3-S3-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Policy Enforcer versions ant\u00e9rieures \u00e0 24.1R3",
"product": {
"name": "Policy Enforcer",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.4R3-x ant\u00e9rieures \u00e0 22.4R3-S8",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.2R1-x ant\u00e9rieures \u00e0 24.2R1-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.2R2-x ant\u00e9rieures \u00e0 23.2R2-S5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.4R2-x ant\u00e9rieures \u00e0 24.4R2-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 21.4R3-x ant\u00e9rieures \u00e0 21.4R3-S7-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.2R3-x ant\u00e9rieures \u00e0 22.2R3-S7",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.2R2-x ant\u00e9rieures \u00e0 23.2R2-S5-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 24.4R1-x ant\u00e9rieures \u00e0 24.4R1-S3",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 21.4R3-x ant\u00e9rieures \u00e0 21.4R3-S12",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 22.3R3-x ant\u00e9rieures \u00e0 22.3R3-S4",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 24.4R2-x ant\u00e9rieures \u00e0 24.4R2-S1-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS Evolved versions 23.4R2-x ant\u00e9rieures \u00e0 23.4R2-S6-EVO",
"product": {
"name": "Junos OS Evolved",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions 23.4R1-x ant\u00e9rieures \u00e0 23.4R1-S2",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2026-21913",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21913"
},
{
"name": "CVE-2021-3733",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3733"
},
{
"name": "CVE-2019-20907",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20907"
},
{
"name": "CVE-2025-60003",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60003"
},
{
"name": "CVE-2022-45061",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-45061"
},
{
"name": "CVE-2024-50302",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50302"
},
{
"name": "CVE-2026-21918",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21918"
},
{
"name": "CVE-2026-21903",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21903"
},
{
"name": "CVE-2026-21907",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21907"
},
{
"name": "CVE-2020-26116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-26116"
},
{
"name": "CVE-2026-21917",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21917"
},
{
"name": "CVE-2026-21909",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21909"
},
{
"name": "CVE-2026-21906",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21906"
},
{
"name": "CVE-2026-21912",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21912"
},
{
"name": "CVE-2021-4189",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-4189"
},
{
"name": "CVE-2021-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3737"
},
{
"name": "CVE-2020-8492",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8492"
},
{
"name": "CVE-2026-21911",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21911"
},
{
"name": "CVE-2021-3177",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3177"
},
{
"name": "CVE-2026-21921",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21921"
},
{
"name": "CVE-2025-60007",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60007"
},
{
"name": "CVE-2026-21914",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21914"
},
{
"name": "CVE-2025-59961",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-59961"
},
{
"name": "CVE-2026-21910",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21910"
},
{
"name": "CVE-2025-60011",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-60011"
},
{
"name": "CVE-2026-21920",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21920"
},
{
"name": "CVE-2015-20107",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-20107"
},
{
"name": "CVE-2026-21905",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21905"
},
{
"name": "CVE-2026-21908",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-21908"
},
{
"name": "CVE-2026-0203",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-0203"
}
],
"initial_release_date": "2026-01-15T00:00:00",
"last_revision_date": "2026-01-15T00:00:00",
"links": [],
"reference": "CERTFR-2026-AVI-0050",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2026-01-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Juniper Networks. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper Networks",
"vendor_advisories": [
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60011",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Optional-transitive-BGP-attribute-is-modified-before-propagation-to-peers-causing-sessions-to-flap-CVE-2025-60011"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21921",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-When-telemetry-collectors-are-frequently-subscribing-and-unsubscribing-to-sensors-chassisd-or-rpd-will-crash-CVE-2026-21921"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21913",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4000-A-high-volume-of-traffic-destinated-to-the-device-leads-to-a-crash-and-restart-CVE-2026-21913"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-0203",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Receipt-of-a-specifically-malformed-ICMP-packet-causes-an-FPC-restart-CVE-2026-0203"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21907",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-TLS-SSL-server-supports-use-of-static-key-ciphers-ssl-static-key-ciphers-CVE-2026-21907"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60003",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-BGP-update-with-a-set-of-specific-attributes-causes-rpd-crash-CVE-2025-60003"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21911",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-Flapping-management-interface-causes-MAC-learning-on-label-switched-interfaces-to-stop-CVE-2026-21911"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21909",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Receipt-of-specific-IS-IS-update-packet-causes-memory-leak-leading-to-RPD-crash-CVE-2026-21909"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21903",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Subscribing-to-telemetry-sensors-at-scale-causes-all-FPCs-to-crash-CVE-2026-21903"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21917",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-Specifically-malformed-SSL-packet-causes-FPC-crash-CVE-2026-21917"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2026-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R5-release",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-Space-Multiple-vulnerabilities-resolved-in-24-1R5-release"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21914",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-A-specifically-malformed-GTP-message-will-cause-an-FPC-crash-CVE-2026-21914"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21908",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Use-after-free-vulnerability-In-802-1X-authentication-daemon-can-cause-crash-of-the-dot1xd-process-CVE-2026-21908"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-60007",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-A-specifically-crafted-show-chassis-command-causes-chassisd-to-crash-CVE-2025-60007"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2025-59961",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Unix-socket-used-to-control-the-jdhcpd-process-is-world-writable-CVE-2025-59961"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks 2026-01-Security-Bulletin-Policy-Enforcer-Multiple-vulnerabilities-in-Python-resolved-in-24-1R3-release",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Policy-Enforcer-Multiple-vulnerabilities-in-Python-resolved-in-24-1R3-release"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21910",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-EX4k-Series-QFX5k-Series-In-an-EVPN-VXLAN-configuration-link-flaps-cause-Inter-VNI-traffic-drop-CVE-2026-21910"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21906",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-With-GRE-performance-acceleration-enabled-receipt-of-a-specific-ICMP-packet-causes-the-PFE-to-crash-CVE-2026-21906"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21918",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-and-MX-Series-When-TCP-packets-occur-in-a-specific-sequence-flowd-crashes-CVE-2026-21918"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21920",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-If-a-specific-request-is-processed-by-the-DNS-subsystem-flowd-will-crash-CVE-2026-21920"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21912",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-MX10k-Series-show-system-firmware-CLI-command-may-lead-to-LC480-or-LC2101-line-card-reset-CVE-2026-21912"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2024-50302",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-Evolved-A-Linux-kernel-vulnerability-in-the-HID-driver-allows-an-attacker-to-read-information-from-the-HID-Report-buffer-CVE-2024-50302"
},
{
"published_at": "2026-01-14",
"title": "Bulletin de s\u00e9curit\u00e9 Juniper Networks CVE-2026-21905",
"url": "https://supportportal.juniper.net/s/article/2026-01-Security-Bulletin-Junos-OS-SRX-Series-MX-Series-with-MX-SPC3-or-MS-MPC-Receipt-of-multiple-specific-SIP-messages-results-in-flow-management-process-crash-CVE-2026-21905"
}
]
}
CVE-2026-21910 (GCVE-0-2026-21910)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:23 – Updated: 2026-01-15 20:51
VLAI?
EPSS
Title
Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN configuration link flaps cause Inter-VNI traffic drop
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS).
On all EX4k and QFX5k platforms, a link flap in an
EVPN-VXLAN configuration Link Aggregation Group (LAG)
results in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination.
This issue is only applicable to systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650.
Service can only be restored by restarting the affected FPC via the 'request chassis fpc restart slot <slot-number>' command.
This issue affects Junos OS
on EX4k and QFX5k Series:
* all versions before 21.4R3-S12,
* all versions of 22.2
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S12
(semver)
Affected: 22.2 , < 22.2* (semver) Affected: 22.4 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S5 (semver) Affected: 24.2 , < 24.2R2-S3 (semver) Affected: 24.4 , < 24.4R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21910",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T20:51:52.841479Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:51:57.933Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX4k Series",
"QFX5k Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2*",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S5",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S3",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue requires the following configuration:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[interfaces \u0026lt;if\u0026gt; ether-options 802.3ad ae0]\u003c/span\u003e\u003cbr\u003e[interfaces ae0 aggregated-ether-options lacp]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u003ctt\u003e[protocols bgp group \u0026lt;name\u0026gt; family evpn signaling]\u003cbr\u003e\u003c/tt\u003e[protocols evpn encapsulation vxlan]\u003c/tt\u003e"
}
],
"value": "This issue requires the following configuration:\n\n\n\n[interfaces \u003cif\u003e ether-options 802.3ad ae0]\n[interfaces ae0 aggregated-ether-options lacp]\n\n[protocols bgp group \u003cname\u003e family evpn signaling]\n[protocols evpn encapsulation vxlan]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker\u0026nbsp;flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS).\u003c/span\u003e\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eOn all EX4k and QFX5k platforms, a link flap in an\n\nEVPN-VXLAN configuration Link Aggregation Group (LAG)\nresults in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination.\u003cbr\u003e\u003cbr\u003eThis issue is only applicable to\u0026nbsp;systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650.\u003cbr\u003e\u003cbr\u003eService can only be restored by restarting the affected FPC via the \u0027\u003ctt\u003erequest chassis fpc restart slot \u0026lt;slot-number\u0026gt;\u003c/tt\u003e\u0027 command.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS \n\non EX4k and QFX5k Series:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.4R3-S12,\u0026nbsp;\u003c/li\u003e\u003cli\u003eall versions of 22.2\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S3,\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on EX4k Series and QFX5k Series platforms allows an unauthenticated network-adjacent attacker\u00a0flapping an interface to cause traffic between VXLAN Network Identifiers (VNIs) to drop, leading to a Denial of Service (DoS).\n\nOn all EX4k and QFX5k platforms, a link flap in an\n\nEVPN-VXLAN configuration Link Aggregation Group (LAG)\nresults in Inter-VNI traffic dropping when there are multiple load-balanced next-hop routes for the same destination.\n\nThis issue is only applicable to\u00a0systems that support EVPN-VXLAN Virtual Port-Link Aggregation Groups (VPLAG), such as the QFX5110, QFX5120, QFX5200, EX4100, EX4300, EX4400, and EX4650.\n\nService can only be restored by restarting the affected FPC via the \u0027request chassis fpc restart slot \u003cslot-number\u003e\u0027 command.\n\nThis issue affects Junos OS \n\non EX4k and QFX5k Series:\u00a0\n\n\n\n * all versions before 21.4R3-S12,\u00a0\n * all versions of 22.2\n * from 22.4 before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S5,\u00a0\n * from 23.4 before 23.4R2-S5,\u00a0\n * from 24.2 before 24.2R2-S3,\n * from 24.4 before 24.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:23:29.682Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106009"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106009"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S3, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S3, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106009",
"defect": [
"1847849"
],
"discovery": "USER"
},
"title": "Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN configuration link flaps cause Inter-VNI traffic drop",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21910",
"datePublished": "2026-01-15T20:23:29.682Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-15T20:51:57.933Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21907 (GCVE-0-2026-21907)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:21 – Updated: 2026-01-15 21:12
VLAI?
EPSS
Title
Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers)
Summary
A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the TLS/SSL server of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS), affecting the long-term confidentiality of encrypted communications.This issue affects all versions of Junos Space before 24.1R5.
Severity ?
CWE
- CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos Space |
Affected:
0 , < 24.1R5
(semver)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21907",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:12:27.062334Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:12:31.198Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos Space",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "24.1R5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Use of a Broken or Risky Cryptographic Algorithm vulnerability in the\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eTLS/SSL server\u003c/span\u003e\u0026nbsp;of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. T\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ehese ciphers also do not support Perfect Forward Secrecy (PFS),\u0026nbsp;affecting the long-term confidentiality of encrypted communications.\u003c/span\u003e\u003c/span\u003e\u003cp\u003eThis issue affects all versions of Junos Space before 24.1R5.\u003c/p\u003e"
}
],
"value": "A Use of a Broken or Risky Cryptographic Algorithm vulnerability in the\u00a0TLS/SSL server\u00a0of Juniper Networks Junos Space allows the use of static key ciphers (ssl-static-key-ciphers), reducing the confidentiality of on-path traffic communicated across the connection. These ciphers also do not support Perfect Forward Secrecy (PFS),\u00a0affecting the long-term confidentiality of encrypted communications.This issue affects all versions of Junos Space before 24.1R5."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/AU:Y/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-327",
"description": "CWE-327 Use of a Broken or Risky Cryptographic Algorithm",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:21:11.010Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106006"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106006"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 24.1R5 and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos Space 24.1R5 and all subsequent releases."
}
],
"source": {
"advisory": "JSA106006",
"defect": [
"1892735"
],
"discovery": "INTERNAL"
},
"title": "Junos Space: TLS/SSL server supports use of static key ciphers (ssl-static-key-ciphers)",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no direct workarounds for this issue.\u003cbr\u003e\u003cbr\u003eEnsure any clients connecting to the device do not allow negotiation of\u0026nbsp;static RSA key exchange."
}
],
"value": "There are no direct workarounds for this issue.\n\nEnsure any clients connecting to the device do not allow negotiation of\u00a0static RSA key exchange."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21907",
"datePublished": "2026-01-15T20:21:11.010Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-15T21:12:31.198Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60003 (GCVE-0-2025-60003)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:15 – Updated: 2026-01-15 21:09
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd crash
Summary
A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.
This issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:
[ protocols bgp ... disable-4byte-as ]
Established BGP sessions can be checked by executing:
show bgp neighbor <IP address> | match "4 byte AS"
This issue affects:
Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* 23.2 versions before 23.2R2-S5-EVO,
* 23.4 versions before 23.4R2-S6-EVO,
* 24.2 versions before 24.2R2-S2-EVO,
* 24.4 versions before 24.4R2-EVO.
Severity ?
CWE
- CWE-126 - Buffer Over-read
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S8
(semver)
Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver) |
|||||||
|
|||||||||
Credits
Juniper SIRT would like to acknowledge and thank Craig Dods from Meta’s Infrastructure Security Engineering team for responsibly reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60003",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:09:12.069529Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:09:19.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-EVO",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue at least two BGP peers needs to be configured via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... neighbor ... ]\u003c/tt\u003e\n\n\u003cbr\u003e"
}
],
"value": "To be exposed to this issue at least two BGP peers needs to be configured via:\n\n[ protocols bgp ... neighbor ... ]"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Juniper SIRT would like to acknowledge and thank Craig Dods from Meta\u2019s Infrastructure Security Engineering team for responsibly reporting this vulnerability."
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.\u003cbr\u003eThis issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ...\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003edisable-4byte-as\u0026nbsp;\u003c/span\u003e]\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eEstablished BGP sessions can be checked by executing:\u003cbr\u003e\u003ctt\u003e\u003cbr\u003eshow bgp neighbor \u0026lt;IP address\u0026gt; | match \"4 byte AS\"\u003c/tt\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A Buffer Over-read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nWhen an affected device receives a BGP update with a set of specific optional transitive attributes over an established peering session, rpd will crash and restart when attempting to advertise the received information to another peer.\nThis issue can only happen if one or both of the BGP peers of the receiving session are non-4-byte-AS capable as determined from the advertised capabilities during BGP session establishment. Junos OS and Junos OS Evolved default behavior is 4-byte-AS capable unless this has been specifically disabled by configuring:\n\n[ protocols bgp ...\u00a0disable-4byte-as\u00a0]\n\n\nEstablished BGP sessions can be checked by executing:\n\nshow bgp neighbor \u003cIP address\u003e | match \"4 byte AS\"\n\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R2;\n\n\nJunos OS Evolved:\u00a0\n\n * all versions before 22.4R3-S8-EVO,\n * 23.2 versions before 23.2R2-S5-EVO,\n * 23.4 versions before 23.4R2-S6-EVO,\n * 24.2 versions before 24.2R2-S2-EVO,\n * 24.4 versions before 24.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-126",
"description": "CWE-126 Buffer Over-read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:15:04.828Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA103166"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA103166",
"defect": [
"1878812"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: BGP update with a set of specific attributes causes rpd crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-60003",
"datePublished": "2026-01-15T20:15:04.828Z",
"dateReserved": "2025-09-23T18:19:06.960Z",
"dateUpdated": "2026-01-15T21:09:19.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2015-20107 (GCVE-0-2015-20107)
Vulnerability from cvelistv5 – Published: 2022-04-13 00:00 – Updated: 2025-11-03 21:43
VLAI?
EPSS
Summary
In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:43:59.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue24778"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/68966"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220616-0001/"
},
{
"name": "FEDORA-2022-5ad25e3d3c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/"
},
{
"name": "FEDORA-2022-cece1d07d9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/"
},
{
"name": "FEDORA-2022-2e1d1205cf",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/"
},
{
"name": "FEDORA-2022-4b0dfda810",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/"
},
{
"name": "FEDORA-2022-1358cedf2d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/"
},
{
"name": "FEDORA-2022-0be85556b4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/"
},
{
"name": "FEDORA-2022-a8e50dc83e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/"
},
{
"name": "FEDORA-2022-4c788bdc40",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/"
},
{
"name": "FEDORA-2022-9da5703d22",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/"
},
{
"name": "FEDORA-2022-4a69d20cf4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/"
},
{
"name": "FEDORA-2022-5ea8aa7518",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/"
},
{
"name": "FEDORA-2022-ec74ac4079",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/"
},
{
"name": "FEDORA-2022-17a1bb7e78",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/"
},
{
"name": "FEDORA-2022-dbe9a8f9ac",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/"
},
{
"name": "FEDORA-2022-9dd70781cb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/"
},
{
"name": "FEDORA-2022-20e87fb0d1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/"
},
{
"name": "FEDORA-2022-9cd41b6709",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/"
},
{
"name": "FEDORA-2022-d157a91e10",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/"
},
{
"name": "FEDORA-2022-ce55d01569",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/"
},
{
"name": "FEDORA-2022-b499f2a9c6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/"
},
{
"name": "FEDORA-2022-d1682fef04",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"
},
{
"name": "FEDORA-2022-79843dfb3c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"
},
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.python.org/issue24778"
},
{
"url": "https://github.com/python/cpython/issues/68966"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220616-0001/"
},
{
"name": "FEDORA-2022-5ad25e3d3c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FCIO2W4DUVVMI6L52QCC4TT2B3K5VWHS/"
},
{
"name": "FEDORA-2022-cece1d07d9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ERYMM2QVDPOJLX4LYXWYIQN5FOIJLDRY/"
},
{
"name": "FEDORA-2022-2e1d1205cf",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FIRUTX47BJD2HYJDLMI7JJBVCYFAPKAQ/"
},
{
"name": "FEDORA-2022-4b0dfda810",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/46KWPTI72SSEOF53DOYQBQOCN4QQB2GE/"
},
{
"name": "FEDORA-2022-1358cedf2d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONXSGLASNLGFL57YU6WT6Y5YURSFV43U/"
},
{
"name": "FEDORA-2022-0be85556b4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYG3EMFR7ZHC46TDNM7SNWO64A3W7EUF/"
},
{
"name": "FEDORA-2022-a8e50dc83e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4E2WBEJ42CGLGDHD6ZXOLZ2W6G3YOVD/"
},
{
"name": "FEDORA-2022-4c788bdc40",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XO2H6CKWLRGTTZCGUQVELW6LUH437Q3O/"
},
{
"name": "FEDORA-2022-9da5703d22",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5664BGZVTA46LQDNTYX5THG6CN4FYJX/"
},
{
"name": "FEDORA-2022-4a69d20cf4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIOJUZ5JMEMGSKNISTOVI4PDP36FDL5Y/"
},
{
"name": "FEDORA-2022-5ea8aa7518",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KAY6VBNVEFUXKJF37WFHYXUSRDEK34N3/"
},
{
"name": "FEDORA-2022-ec74ac4079",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3LNY2NHM6J22O6Q5ANOE3SZRK3OACKR/"
},
{
"name": "FEDORA-2022-17a1bb7e78",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPCLGZZJPVXFWUWVV5WCD5FNUAFLKBDN/"
},
{
"name": "FEDORA-2022-dbe9a8f9ac",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5DBVY4YC2P6EPZZ2DROOXHDOWZ4BJFLW/"
},
{
"name": "FEDORA-2022-9dd70781cb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HAI2GBC7WKH7J5NH6J2IW5RT3VF2SF5M/"
},
{
"name": "FEDORA-2022-20e87fb0d1",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6QIKVSW3H6W2GQGDE5DTIWLGFNH6KKEW/"
},
{
"name": "FEDORA-2022-9cd41b6709",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AKGMYDVKI3XNM27B6I6RQ6QV3TVJAUCG/"
},
{
"name": "FEDORA-2022-d157a91e10",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/57NECACX333A3BBZM2TR2VZ4ZE3UG3SN/"
},
{
"name": "FEDORA-2022-ce55d01569",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PTTZGLD2YBMMG6U6F5HOTPOGGPBIURMA/"
},
{
"name": "FEDORA-2022-b499f2a9c6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/53TQZFLS6O3FLIMVSXFEEPZSWLDZLBOX/"
},
{
"name": "FEDORA-2022-d1682fef04",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"
},
{
"name": "FEDORA-2022-79843dfb3c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"
},
{
"url": "https://python-security.readthedocs.io/vuln/mailcap-shell-injection.html"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-20107",
"datePublished": "2022-04-13T00:00:00.000Z",
"dateReserved": "2022-04-13T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:43:59.756Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-0203 (GCVE-0-2026-0203)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:17 – Updated: 2026-01-15 21:11
VLAI?
EPSS
Title
Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart
Summary
An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).
When an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks.
This issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue.
This issue affects Junos OS:
* all versions before 21.2R3-S9,
* from 21.4 before 21.4R3-S10,
* from 22.2 before 22.2R3-S7,
* from 22.3 before 22.3R3-S4,
* from 22.4 before 22.4R3-S5,
* from 23.2 before 23.2R2-S3,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R1-S2, 24.2R2.
Severity ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S9
(semver)
Affected: 21.4 , < 21.4R3-S10 (semver) Affected: 22.2 , < 22.2R3-S7 (semver) Affected: 22.3 , < 22.3R3-S4 (semver) Affected: 22.4 , < 22.4R3-S5 (semver) Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S3 (semver) Affected: 24.2 , < 24.2R1-S2, 24.2R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-0203",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:11:21.932357Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:11:32.119Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S9",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S10",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S7",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S4",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S5",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R1-S2, 24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eWhen an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks.\u003cbr\u003e\u003cbr\u003e\u003c/span\u003eThis issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S4,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R1-S2, 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS allows an unauthenticated, network-adjacent attacker sending a specifically malformed ICMP packet to cause an FPC to crash and restart, resulting in a Denial of Service (DoS).\n\n\n\nWhen an ICMP packet is received with a specifically malformed IP header value, the FPC receiving the packet crashes and restarts. Due to the specific type of malformed packet, adjacent upstream routers would not forward the packet, limiting the attack surface to adjacent networks.\n\nThis issue only affects ICMPv4. ICMPv6 is not vulnerable to this issue.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * all versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S7,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:18:03.924Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA104294"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA104294"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S10, 21.2R3-S9, 21.4R3-S10, 22.2R3-S7, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 20.2R3-S10, 21.2R3-S9, 21.4R3-S10, 22.2R3-S7, 22.3R3-S4, 22.4R3-S5, 23.2R2-S3, 23.4R2-S3, 24.2R1-S2, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA104294",
"defect": [
"1824879"
],
"discovery": "USER"
},
"title": "Junos OS: Receipt of a specifically malformed ICMP packet causes an FPC restart",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-0203",
"datePublished": "2026-01-15T20:17:24.552Z",
"dateReserved": "2025-10-29T20:57:34.631Z",
"dateUpdated": "2026-01-15T21:11:32.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60007 (GCVE-0-2025-60007)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:16 – Updated: 2026-01-15 21:10
VLAI?
EPSS
Title
Junos OS: A specifically crafted 'show chassis' command causes chassisd to crash
Summary
A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).
When a user executes the 'show chassis' command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.
This issue affects:
Junos OS on MX, SRX and EX Series:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2.
Severity ?
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S8
(semver)
Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60007",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:10:02.048889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:10:13.435Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX Series",
"EX Series",
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS on MX, SRX and EX Series:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A NULL Pointer Dereference vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS on MX, SRX and EX Series allows a local attacker with low privileges to cause a Denial-of-Service (DoS).\n\n\nWhen a user executes the \u0027show chassis\u0027 command with specifically crafted options, chassisd will crash and restart. Due to this all components but the Routing Engine (RE) in the chassis are reinitialized, which leads to a complete service outage, which the system automatically recovers from.\n\n\n\nThis issue affects:\n\nJunos OS on MX, SRX and EX Series:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:16:22.617Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA103173"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA103173",
"defect": [
"1854693"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: A specifically crafted \u0027show chassis\u0027 command causes chassisd to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To prevent this issue from being exploited please use CLI authorization to prevent the execution of the \u0027show chassis\u0027 command."
}
],
"value": "To prevent this issue from being exploited please use CLI authorization to prevent the execution of the \u0027show chassis\u0027 command."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-60007",
"datePublished": "2026-01-15T20:16:22.617Z",
"dateReserved": "2025-09-23T18:19:06.961Z",
"dateUpdated": "2026-01-15T21:10:13.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50302 (GCVE-0-2024-50302)
Vulnerability from cvelistv5 – Published: 2024-11-19 01:30 – Updated: 2025-11-03 22:28
VLAI?
EPSS
Title
HID: core: zero-initialize the report buffer
Summary
In the Linux kernel, the following vulnerability has been resolved:
HID: core: zero-initialize the report buffer
Since the report buffer is used by all kinds of drivers in various ways, let's
zero-initialize it during allocation to make sure that it can't be ever used
to leak kernel memory via specially-crafted report.
Severity ?
5.5 (Medium)
CWE
- CWE-908 - Use of Uninitialized Resource
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Linux | Linux |
Affected:
27ce405039bfe6d3f4143415c638f56a3df77dca , < e7ea60184e1e88a3c9e437b3265cbb6439aa7e26
(git)
Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 3f9e88f2672c4635960570ee9741778d4135ecf5 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < d7dc68d82ab3fcfc3f65322465da3d7031d4ab46 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 05ade5d4337867929e7ef664e7ac8e0c734f1aaf (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 1884ab3d22536a5c14b17c78c2ce76d1734e8b0b (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 9d9f5c75c0c7f31766ec27d90f7a6ac673193191 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 492015e6249fbcd42138b49de3c588d826dd9648 (git) Affected: 27ce405039bfe6d3f4143415c638f56a3df77dca , < 177f25d1292c7e16e1199b39c85480f7f8815552 (git) Affected: b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7 (git) Affected: fe6c9b48ebc920ff21c10c50ab2729440c734254 (git) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50302",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T04:55:26.718337Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-03-04",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908 Use of Uninitialized Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:35.755Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-50302"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-04T00:00:00+00:00",
"value": "CVE-2024-50302 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:28:19.656Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00001.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "e7ea60184e1e88a3c9e437b3265cbb6439aa7e26",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "3f9e88f2672c4635960570ee9741778d4135ecf5",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "d7dc68d82ab3fcfc3f65322465da3d7031d4ab46",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "05ade5d4337867929e7ef664e7ac8e0c734f1aaf",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "1884ab3d22536a5c14b17c78c2ce76d1734e8b0b",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "9d9f5c75c0c7f31766ec27d90f7a6ac673193191",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "492015e6249fbcd42138b49de3c588d826dd9648",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"lessThan": "177f25d1292c7e16e1199b39c85480f7f8815552",
"status": "affected",
"version": "27ce405039bfe6d3f4143415c638f56a3df77dca",
"versionType": "git"
},
{
"status": "affected",
"version": "b2b6cadad699d44a8a5b2a60f3d960e00d6fb3b7",
"versionType": "git"
},
{
"status": "affected",
"version": "fe6c9b48ebc920ff21c10c50ab2729440c734254",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/hid/hid-core.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "3.12"
},
{
"lessThan": "3.12",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "4.19.*",
"status": "unaffected",
"version": "4.19.324",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.4.*",
"status": "unaffected",
"version": "5.4.286",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.230",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.172",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.117",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.61",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.11.*",
"status": "unaffected",
"version": "6.11.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.12",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.324",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.286",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.230",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.172",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.117",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.61",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.11.8",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12",
"versionStartIncluding": "3.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let\u0027s\nzero-initialize it during allocation to make sure that it can\u0027t be ever used\nto leak kernel memory via specially-crafted report."
}
],
"providerMetadata": {
"dateUpdated": "2025-05-04T13:00:14.113Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/e7ea60184e1e88a3c9e437b3265cbb6439aa7e26"
},
{
"url": "https://git.kernel.org/stable/c/3f9e88f2672c4635960570ee9741778d4135ecf5"
},
{
"url": "https://git.kernel.org/stable/c/d7dc68d82ab3fcfc3f65322465da3d7031d4ab46"
},
{
"url": "https://git.kernel.org/stable/c/05ade5d4337867929e7ef664e7ac8e0c734f1aaf"
},
{
"url": "https://git.kernel.org/stable/c/1884ab3d22536a5c14b17c78c2ce76d1734e8b0b"
},
{
"url": "https://git.kernel.org/stable/c/9d9f5c75c0c7f31766ec27d90f7a6ac673193191"
},
{
"url": "https://git.kernel.org/stable/c/492015e6249fbcd42138b49de3c588d826dd9648"
},
{
"url": "https://git.kernel.org/stable/c/177f25d1292c7e16e1199b39c85480f7f8815552"
}
],
"title": "HID: core: zero-initialize the report buffer",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2024-50302",
"datePublished": "2024-11-19T01:30:51.300Z",
"dateReserved": "2024-10-21T19:36:19.987Z",
"dateUpdated": "2025-11-03T22:28:19.656Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-60011 (GCVE-0-2025-60011)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:16 – Updated: 2026-01-15 21:10
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Optional transitive BGP attribute is modified before propagation to peers causing sessions to flap
Summary
An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices.
When an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these peers will most likely terminate the BGP sessions with the affected devices and thereby cause an availability impact due to the resulting routing churn.
This issue affects:
Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* 23.2 versions before 23.2R2-S5-EVO,
* 23.4 versions before 23.4R2-S6-EVO,
* 24.2 versions before 24.2R2-S2-EVO,
* 24.4 versions before 24.4R2-EVO.
Severity ?
CWE
- CWE-754 - Improper Check for Unusual or Exceptional Conditions
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S8
(semver)
Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-60011",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:10:41.872904Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:10:58.766Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-EVO",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue BGP needs to be configured for at least two peers via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ protocols bgp ... neighbor ... ]\u003c/tt\u003e\n\n\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "To be exposed to this issue BGP needs to be configured for at least two peers via:\n\n[ protocols bgp ... neighbor ... ]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices.\u003cbr\u003e\u003cbr\u003eWhen an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these peers will most likely terminate the BGP sessions with the affected devices and thereby cause an availability impact due to the resulting routing churn.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6-EVO,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2-EVO,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cbr\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause an availability impact for downstream devices.\n\nWhen an affected device receives a specific optional, transitive BGP attribute over an existing BGP session, it will be erroneously modified before propagation to peers. When the attribute is detected as malformed by the peers, these peers will most likely terminate the BGP sessions with the affected devices and thereby cause an availability impact due to the resulting routing churn.\n\nThis issue affects:\n\nJunos OS:\n\n\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R2;\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * all versions before 22.4R3-S8-EVO,\n * 23.2 versions before 23.2R2-S5-EVO,\n * 23.4 versions before 23.4R2-S6-EVO,\n * 24.2 versions before 24.2R2-S2-EVO,\n * 24.4 versions before 24.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:L/AU:Y/R:U/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:16:47.459Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA103161"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA103161",
"defect": [
"1884492"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Optional transitive BGP attribute is modified before propagation to peers causing sessions to flap",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-60011",
"datePublished": "2026-01-15T20:16:47.459Z",
"dateReserved": "2025-09-23T18:19:06.961Z",
"dateUpdated": "2026-01-15T21:10:58.766Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59961 (GCVE-0-2025-59961)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:14 – Updated: 2026-01-15 21:08
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Unix socket used to control the jdhcpd process is world-writable
Summary
An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.
This vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.
This issue affects:
Junos OS:
* all versions before 21.2R3-S10,
* all versions of 22.2,
* from 21.4 before 21.4R3-S12,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R2-S2,
* from 24.4 before 24.4R2,
* from 25.2 before 25.2R1-S1, 25.2R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* from 23.2 before 23.2R2-S5-EVO,
* from 23.4 before 23.4R2-S6-EVO,
* from 24.2 before 24.2R2-S2-EVO,
* from 24.4 before 24.4R2-EVO,
* from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.
Severity ?
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S10
(semver)
Affected: 21.4 , < 21.4R3-S12 (semver) Affected: 22.2 , < 22.2* (semver) Affected: 22.4 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R2 (semver) Affected: 25.2 , < 25.2R1-S1, 25.2R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59961",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:08:29.604883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:08:37.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S12",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2*",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R1-S1, 25.2R2",
"status": "affected",
"version": "25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-EVO",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R1-S1-EVO, 25.2R2-EVO",
"status": "affected",
"version": "25.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eTo be affected by this issue, a device must be configured with either:\u003c/p\u003e\u003ccode\u003e [ forwarding-options dhcp-relay group \u0026lt;group-name\u0026gt; interface ... ]\u003c/code\u003e\u003cbr\u003e\u003cp\u003eor\u003c/p\u003e\u003ccode\u003e [ system services dhcp-local-server group \u0026lt;group-name\u0026gt; interface ... ]\u003c/code\u003e\n\n\u003cbr\u003e"
}
],
"value": "To be affected by this issue, a device must be configured with either:\n\n [ forwarding-options dhcp-relay group \u003cgroup-name\u003e interface ... ]\nor\n\n [ system services dhcp-local-server group \u003cgroup-name\u003e interface ... ]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.\u003cbr\u003e\u003cbr\u003eThis vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e Junos OS: \u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S10,\u003c/li\u003e\u003cli\u003eall versions of 22.2,\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S12,\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S8,\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S6, \u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2, \u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2, \u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1, 25.2R2; \u003c/li\u003e\u003c/ul\u003e\u003cbr\u003eJunos OS Evolved: \u003cbr\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO, \u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5-EVO, \u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S6-EVO, \u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S2-EVO, \u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-EVO, \u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the resource.\n\nThis vulnerability allows any low-privileged user logged into the system to connect to the Unix socket and issue commands to manage the DHCP service, in essence, taking administrative control of the local DHCP server or DHCP relay.\n\nThis issue affects:\n Junos OS: \n * all versions before 21.2R3-S10,\n * all versions of 22.2,\n * from 21.4 before 21.4R3-S12,\n * from 22.4 before 22.4R3-S8,\n * from 23.2 before 23.2R2-S5, \n * from 23.4 before 23.4R2-S6, \n * from 24.2 before 24.2R2-S2, \n * from 24.4 before 24.4R2, \n * from 25.2 before 25.2R1-S1, 25.2R2; \n\n\n\nJunos OS Evolved: \n * all versions before 22.4R3-S8-EVO, \n * from 23.2 before 23.2R2-S5-EVO, \n * from 23.4 before 23.4R2-S6-EVO, \n * from 24.2 before 24.2R2-S2-EVO, \n * from 24.4 before 24.4R2-EVO, \n * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:14:43.508Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA103150"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: \u003cbr\u003e\u003cbr\u003eJunos OS: 21.2R3-S10, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases.\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue: \n\nJunos OS: 21.2R3-S10, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S2, 24.4R2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S2-EVO, 24.4R2-EVO, 25.2R1-S1-EVO, 25.2R2-EVO, 25.4R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA103150",
"defect": [
"1877468"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Unix socket used to control the jdhcpd process is world-writable",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Manually change permissions of the Unix socket used to control the jdhcpd server to only allow root access. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003eroot@junos\u0026gt; file change-permission filename /mfs/var/run/jdhcpd_mgmt permission\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e4700\u003c/span\u003e\n\n\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eNote: This change will not be persistent across reboots."
}
],
"value": "Manually change permissions of the Unix socket used to control the jdhcpd server to only allow root access. For example:\n\nroot@junos\u003e file change-permission filename /mfs/var/run/jdhcpd_mgmt permission\u00a04700\n\n\n\nNote: This change will not be persistent across reboots."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2025-59961",
"datePublished": "2026-01-15T20:14:43.508Z",
"dateReserved": "2025-09-23T18:19:06.955Z",
"dateUpdated": "2026-01-15T21:08:37.387Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2019-20907 (GCVE-0-2019-20907)
Vulnerability from cvelistv5 – Published: 2020-07-13 00:00 – Updated: 2024-08-05 02:53
VLAI?
EPSS
Summary
In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T02:53:09.456Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2020-dfb11916cc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/"
},
{
"name": "FEDORA-2020-e9251de272",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/"
},
{
"name": "USN-4428-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4428-1/"
},
{
"name": "FEDORA-2020-c3b07cc5c9",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/"
},
{
"name": "FEDORA-2020-aab24d3714",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSL3XWVDMSMKO23HR74AJQ6VEM3C2NTS/"
},
{
"name": "FEDORA-2020-bb919e575e",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/"
},
{
"name": "FEDORA-2020-97d775e649",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOGKLGTXZLHQQFBVCAPSUDA6DOOJFNRY/"
},
{
"name": "GLSA-202008-01",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202008-01"
},
{
"name": "FEDORA-2020-826b24c329",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDKKRXLNVXRF6VGERZSR3OMQR5D5QI6I/"
},
{
"name": "FEDORA-2020-1ddd5273d6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/"
},
{
"name": "FEDORA-2020-87c0a0a52d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/"
},
{
"name": "FEDORA-2020-efb908b6a8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/"
},
{
"name": "FEDORA-2020-d808fdd597",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/"
},
{
"name": "FEDORA-2020-982b2950db",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/"
},
{
"name": "FEDORA-2020-c539babb0a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
},
{
"name": "openSUSE-SU-2020:1254",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html"
},
{
"name": "openSUSE-SU-2020:1257",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html"
},
{
"name": "openSUSE-SU-2020:1258",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html"
},
{
"name": "openSUSE-SU-2020:1265",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html"
},
{
"name": "FEDORA-2020-d30881c970",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"
},
{
"name": "[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue39017"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/21454"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200731-0002/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FEDORA-2020-dfb11916cc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VT4AF72TJ2XNIKCR4WEBR7URBJJ4YZRD/"
},
{
"name": "FEDORA-2020-e9251de272",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CAXHCY4V3LPAAJOBCJ26ISZ4NUXQXTUZ/"
},
{
"name": "USN-4428-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4428-1/"
},
{
"name": "FEDORA-2020-c3b07cc5c9",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V3TALOUBYU2MQD4BPLRTDQUMBKGCAXUA/"
},
{
"name": "FEDORA-2020-aab24d3714",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YSL3XWVDMSMKO23HR74AJQ6VEM3C2NTS/"
},
{
"name": "FEDORA-2020-bb919e575e",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LE4O3PNDNNOMSKHNUKZKD3NGHIFUFDPX/"
},
{
"name": "FEDORA-2020-97d775e649",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TOGKLGTXZLHQQFBVCAPSUDA6DOOJFNRY/"
},
{
"name": "GLSA-202008-01",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202008-01"
},
{
"name": "FEDORA-2020-826b24c329",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PDKKRXLNVXRF6VGERZSR3OMQR5D5QI6I/"
},
{
"name": "FEDORA-2020-1ddd5273d6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILCHHTNLH4GG4GSQBX2MZRKZBXOLCKE/"
},
{
"name": "FEDORA-2020-87c0a0a52d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NTBKKOLFFNHG6CM4ACDX4APHSD5ZX5N4/"
},
{
"name": "FEDORA-2020-efb908b6a8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CNHPQGSP2YM3JAUD2VAMPXTIUQTZ2M2U/"
},
{
"name": "FEDORA-2020-d808fdd597",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V53P2YOLEQH4J7S5QHXMKMZYFTVVMTMO/"
},
{
"name": "FEDORA-2020-982b2950db",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CTUNTBJ3POHONQOTLEZC46POCIYYTAKZ/"
},
{
"name": "FEDORA-2020-c539babb0a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36XI3EEQNMHGOZEI63Y7UV6XZRELYEAU/"
},
{
"name": "[debian-lts-announce] 20200822 [SECURITY] [DLA 2337-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00034.html"
},
{
"name": "openSUSE-SU-2020:1254",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00051.html"
},
{
"name": "openSUSE-SU-2020:1257",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00052.html"
},
{
"name": "openSUSE-SU-2020:1258",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00053.html"
},
{
"name": "openSUSE-SU-2020:1265",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00056.html"
},
{
"name": "FEDORA-2020-d30881c970",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"
},
{
"name": "[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"url": "https://bugs.python.org/issue39017"
},
{
"url": "https://github.com/python/cpython/pull/21454"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200731-0002/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-20907",
"datePublished": "2020-07-13T00:00:00",
"dateReserved": "2020-07-13T00:00:00",
"dateUpdated": "2024-08-05T02:53:09.456Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-4189 (GCVE-0-2021-4189)
Vulnerability from cvelistv5 – Published: 2022-08-24 00:00 – Updated: 2025-12-17 21:36
VLAI?
EPSS
Summary
A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible.
Severity ?
5.3 (Medium)
CWE
- Not-Known
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:21.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue43285"
},
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/ftplib-pasv.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e"
},
{
"tags": [
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4189"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036020"
},
{
"tags": [
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2021-4189"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221104-0004/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-4189",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-25T14:59:42.470722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:36:07.876Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in python 3.6.14, python 3.7.11, python 3.8.9, python 3.9.3, python 3.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Python, specifically in the FTP (File Transfer Protocol) client library in PASV (passive) mode. The issue is how the FTP client trusts the host from the PASV response by default. This flaw allows an attacker to set up a malicious FTP server that can trick FTP clients into connecting back to a given IP address and port. This vulnerability could lead to FTP client scanning ports, which otherwise would not have been possible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Not-Known",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue43285"
},
{
"url": "https://python-security.readthedocs.io/vuln/ftplib-pasv.html"
},
{
"url": "https://github.com/python/cpython/commit/0ab152c6b5d95caa2dc1a30fa96e10258b5f188e"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2021-4189"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2036020"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2021-4189"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221104-0004/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-4189",
"datePublished": "2022-08-24T00:00:00.000Z",
"dateReserved": "2021-12-29T00:00:00.000Z",
"dateUpdated": "2025-12-17T21:36:07.876Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21912 (GCVE-0-2026-21912)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:24 – Updated: 2026-01-15 20:50
VLAI?
EPSS
Title
Junos OS: MX10k Series: 'show system firmware' CLI command may lead to LC480 or LC2101 line card reset
Summary
A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to reset.
On MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the 'show system firmware' CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series:
* all versions before 21.2R3-S10,
* from 21.4 before 21.4R3-S9,
* from 22.2 before 22.2R3-S7,
* from 22.4 before 22.4R3-S6,
* from 23.2 before 23.2R2-S2,
* from 23.4 before 23.4R2-S3,
* from 24.2 before 24.2R2.
Severity ?
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S10
(semver)
Affected: 21.4 , < 21.4R3-S9 (semver) Affected: 22.2 , < 22.2R3-S7 (semver) Affected: 22.4 , < 22.4R3-S6 (semver) Affected: 23.2 , < 23.2R2-S2 (semver) Affected: 23.4 , < 23.4R2-S3 (semver) Affected: 24.2 , < 24.2R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21912",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T20:50:22.948273Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:50:28.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"MX10k Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S9",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S7",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S6",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S3",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics\u0026nbsp;of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the \u0027show system firmware\u0027 CLI command to cause an LC480 or LC2101 line card to reset.\u003cbr\u003e\u003c/span\u003e\u003cbr\u003eOn MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the \u0027show system firmware\u0027 CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.\u003cp\u003eThis issue affects Junos OS on MX10k Series:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S9,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S7,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics\u00a0of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the \u0027show system firmware\u0027 CLI command to cause an LC480 or LC2101 line card to reset.\n\nOn MX10k Series systems with LC480 or LC2101 line cards, repeated execution of the \u0027show system firmware\u0027 CLI command can cause the line card to crash and restart. Additionally, some time after the line card crashes, chassisd may also crash and restart, generating a core dump.This issue affects Junos OS on MX10k Series:\u00a0\n\n\n\n * all versions before 21.2R3-S10,\u00a0\n * from 21.4 before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S7,\u00a0\n * from 22.4 before 22.4R3-S6,\u00a0\n * from 23.2 before 23.2R2-S2,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:24:20.087Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106011"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106011"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S10, 21.4R3-S9, 22.2R3-S7, 22.4R3-S6, 23.2R2-S2, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S10, 21.4R3-S9, 22.2R3-S7, 22.4R3-S6, 23.2R2-S2, 23.4R2-S3, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106011",
"defect": [
"1695340",
"1696186"
],
"discovery": "USER"
},
"title": "Junos OS: MX10k Series: \u0027show system firmware\u0027 CLI command may lead to LC480 or LC2101 line card reset",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Use CLI authorization to limit access to the \u0027show system firmware\u0027 command."
}
],
"value": "Use CLI authorization to limit access to the \u0027show system firmware\u0027 command."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21912",
"datePublished": "2026-01-15T20:24:20.087Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-15T20:50:28.949Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21918 (GCVE-0-2026-21918)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:27 – Updated: 2026-01-15 21:13
VLAI?
EPSS
Title
Junos OS: SRX and MX Series: When TCP packets occur in a specific sequence flowd crashes
Summary
A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.
This issue affects Junos OS on SRX and MX Series:
* all versions before 22.4R3-S7,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2.
Severity ?
CWE
- CWE-415 - Double Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S7
(semver)
Affected: 23.2 , < 23.2R2-S3 (semver) Affected: 23.4 , < 23.4R2-S4 (semver) Affected: 24.2 , < 24.2R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21918",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:12:54.048156Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:13:00.740Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series",
"MX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S3",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S4",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.\u003cbr\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on SRX and MX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S7,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S3,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S4,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX and MX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On all SRX and MX Series platforms, when during TCP session establishment a specific sequence of packets is encountered a double free happens. This causes flowd to crash and the respective FPC to restart.\n\n\n\n\n\nThis issue affects Junos OS on SRX and MX Series:\n\n\n\n * all versions before 22.4R3-S7,\n * 23.2 versions before 23.2R2-S3,\n * 23.4 versions before 23.4R2-S4,\n * 24.2 versions before 24.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:27:54.743Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106018"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106018"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106018",
"defect": [
"1834248"
],
"discovery": "USER"
},
"title": "Junos OS: SRX and MX Series: When TCP packets occur in a specific sequence flowd crashes",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21918",
"datePublished": "2026-01-15T20:27:54.743Z",
"dateReserved": "2026-01-05T17:32:48.711Z",
"dateUpdated": "2026-01-15T21:13:00.740Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21913 (GCVE-0-2026-21913)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:25 – Updated: 2026-01-15 20:45
VLAI?
EPSS
Title
Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and restart
Summary
An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
On EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP) a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.
The following reboot reason can be seen in the output of 'show chassis routing-engine' and as a log message:
reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump
This issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:
* 24.4 versions before 24.4R2,
* 25.2 versions before 25.2R1-S2, 25.2R2.
This issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1.
Severity ?
CWE
- CWE-1419 - Incorrect Initialization of Resource
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
24.4 , < 24.4R2
(semver)
Affected: 25.2 , < 25.2R1-S2, 25.2R2 (semver) Unaffected: 0 , < 24.4R1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21913",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T20:44:57.151563Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:45:02.652Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"EX4000-48T",
"EX4000-48P",
"EX4000-48MP"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R1-S2, 25.2R2",
"status": "affected",
"version": "25.2",
"versionType": "semver"
},
{
"lessThan": "24.4R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cp\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003ea high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\u003c/span\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cbr\u003e\u003c/span\u003e\u003c/p\u003e\u003cp\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe following reboot reason can be seen in the output of \u0027show chassis routing-engine\u0027 and as a log message:\u003c/span\u003e\u003c/p\u003e\u003ctt\u003e\u0026nbsp; reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump\u003c/tt\u003e\u003cp\u003e \n\n\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e24.4 versions before 24.4R2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R1-S2, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003eThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1."
}
],
"value": "An Incorrect Initialization of Resource vulnerability in the Internal Device Manager (IDM) of Juniper Networks Junos OS on EX4000 models allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nOn EX4000 models with 48 ports (EX4000-48T, EX4000-48P, EX4000-48MP)\u00a0a high volume of traffic destined to the device will cause an FXPC crash and restart, which leads to a complete service outage until the device has automatically restarted.\n\n\n\n\nThe following reboot reason can be seen in the output of \u0027show chassis routing-engine\u0027 and as a log message:\n\n\u00a0 reason=0x4000002 reason_string=0x4000002:watchdog + panic with core dump \n\n\n\n\nThis issue affects Junos OS on EX4000-48T, EX4000-48P and EX4000-48MP:\n\n\n\n * 24.4 versions before 24.4R2,\n * 25.2 versions before 25.2R1-S2, 25.2R2.\n\n\n\n\nThis issue does not affect versions before 24.4R1 as the first Junos OS version for the EX4000 models was 24.4R1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1419",
"description": "CWE-1419 Incorrect Initialization of Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:25:03.276Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106014"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106014"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 24.4R2, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106014",
"defect": [
"1898489"
],
"discovery": "USER"
},
"title": "Junos OS: EX4000: A high volume of traffic destined to the device leads to a crash and restart",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21913",
"datePublished": "2026-01-15T20:25:03.276Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-15T20:45:02.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21917 (GCVE-0-2026-21917)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:27 – Updated: 2026-01-15 21:12
VLAI?
EPSS
Title
Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash
Summary
An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.
This issue affects Junos OS on SRX Series:
* 23.2 versions from 23.2R2-S2 before 23.2R2-S5,
* 23.4 versions from 23.4R2-S1 before 23.4R2-S5,
* 24.2 versions before 24.2R2-S2,
* 24.4 versions before 24.4R1-S3, 24.4R2.
Earlier versions of Junos are also affected, but no fix is available.
Severity ?
CWE
- CWE-1286 - Improper Validation of Syntactic Correctness of Input
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
23.2R2-S2 , < 23.2R2-S5
(semver)
Affected: 23.4R2-S1 , < 23.4R2-S5 (semver) Affected: 24.2 , < 24.2R2-S2 (semver) Affected: 24.4 , < 24.4R1-S3, 24.4R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21917",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:12:30.579909Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:12:37.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2R2-S2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S5",
"status": "affected",
"version": "23.4R2-S1",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S2",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R1-S3, 24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue web-filtering needs to be configured as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security utm utm-policy \u0026lt;utm policy name\u0026gt; web-filtering\u0026nbsp;http-profile \u0026lt;name\u0026gt; ]\u003cbr\u003e[\u0026nbsp;security policies ... policy \u0026lt;security policy name\u0026gt; then permit application-services utm-policy \u0026lt;utm policy name\u0026gt; ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue web-filtering needs to be configured as follows:\n\n[ security utm utm-policy \u003cutm policy name\u003e web-filtering\u00a0http-profile \u003cname\u003e ]\n[\u00a0security policies ... policy \u003csecurity policy name\u003e then permit application-services utm-policy \u003cutm policy name\u003e ]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eIf an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.2 versions from 23.2R2-S2 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003e23.4 versions from 23.4R2-S1 before 23.4R2-S5,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S2,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R1-S3, 24.4R2.\u003c/li\u003e\u003c/ul\u003eEarlier versions of Junos are also affected, but no fix is available."
}
],
"value": "An Improper Validation of Syntactic Correctness of Input vulnerability in the Web-Filtering module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\nIf an SRX device configured for UTM Web-Filtering receives a specifically malformed SSL packet, this will cause an FPC crash and restart.\nThis issue affects Junos OS on SRX Series:\n\n\n\n * 23.2 versions from 23.2R2-S2 before 23.2R2-S5,\u00a0\n * 23.4 versions from 23.4R2-S1 before 23.4R2-S5,\n * 24.2 versions before 24.2R2-S2,\n * 24.4 versions before 24.4R1-S3, 24.4R2.\n\n\nEarlier versions of Junos are also affected, but no fix is available."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1286",
"description": "CWE-1286 Improper Validation of Syntactic Correctness of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:27:11.214Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA105996"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA105996"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S5, 23.4R2-S5, 24.2R2-S2, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.2R2-S5, 23.4R2-S5, 24.2R2-S2, 24.4R1-S3, 24.4R2, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA105996",
"defect": [
"1876037"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: SRX Series: Specifically malformed SSL packet causes FPC crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21917",
"datePublished": "2026-01-15T20:27:11.214Z",
"dateReserved": "2026-01-05T17:32:48.711Z",
"dateUpdated": "2026-01-15T21:12:37.455Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3177 (GCVE-0-2021-3177)
Vulnerability from cvelistv5 – Published: 2021-01-19 00:00 – Updated: 2025-12-18 15:03
VLAI?
EPSS
Summary
Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely.
Severity ?
9.8 (Critical)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.394Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue42938"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/24239"
},
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html"
},
{
"name": "FEDORA-2021-faf88b9499",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/"
},
{
"name": "FEDORA-2021-cc3ff94cfc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/"
},
{
"name": "GLSA-202101-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-18"
},
{
"name": "FEDORA-2021-e3a5a74610",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/"
},
{
"name": "FEDORA-2021-ced31f3f0c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/"
},
{
"name": "FEDORA-2021-42ba9feb47",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/"
},
{
"name": "FEDORA-2021-076a2dccba",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/"
},
{
"name": "FEDORA-2021-851c6e4e2d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/"
},
{
"name": "FEDORA-2021-66547ff92d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/"
},
{
"name": "FEDORA-2021-17668e344a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/"
},
{
"name": "FEDORA-2021-d5cde50865",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/"
},
{
"name": "FEDORA-2021-7547ad987f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/"
},
{
"name": "FEDORA-2021-f4fd9372c7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/"
},
{
"name": "FEDORA-2021-3352c1c802",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-907f3bacae",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/"
},
{
"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=26185005"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210226-0003/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "[debian-lts-announce] 20220212 [SECURITY] [DLA 2919-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3177",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T15:03:29.016940Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T15:03:34.545Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Python 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in _ctypes/callproc.c, which may lead to remote code execution in certain Python applications that accept floating-point numbers as untrusted input, as demonstrated by a 1e300 argument to c_double.from_param. This occurs because sprintf is used unsafely."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.python.org/issue42938"
},
{
"url": "https://github.com/python/cpython/pull/24239"
},
{
"url": "https://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html"
},
{
"name": "FEDORA-2021-faf88b9499",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MGSV6BJQLRQ6RKVUXK7JGU7TP4QFGQXC/"
},
{
"name": "FEDORA-2021-cc3ff94cfc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NQPARTLNSFQVMMQHPNBFOCOZOO3TMQNA/"
},
{
"name": "GLSA-202101-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202101-18"
},
{
"name": "FEDORA-2021-e3a5a74610",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7GZV74KM72O2PEJN2C4XP3V5Q5MZUOO/"
},
{
"name": "FEDORA-2021-ced31f3f0c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CCFZMVRQUKCBQIG5F2CBVADK63NFSE4A/"
},
{
"name": "FEDORA-2021-42ba9feb47",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BRHOCQYX3QLDGDQGTWQAUUT2GGIZCZUO/"
},
{
"name": "FEDORA-2021-076a2dccba",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NXSMBHES3ANXXS2RSO5G6Q24BR4B2PWK/"
},
{
"name": "FEDORA-2021-851c6e4e2d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V6XJAULOS5JVB2L67NCKKMJ5NTKZJBSD/"
},
{
"name": "FEDORA-2021-66547ff92d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YDTZVGSXQ7HR7OCGSUHTRNTMBG43OMKU/"
},
{
"name": "FEDORA-2021-17668e344a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4KSYYWMGAKOA2JVCQA422OINT6CKQ7O/"
},
{
"name": "FEDORA-2021-d5cde50865",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPE7SMXYUIWPOIZV4DQYXODRXMFX3C5E/"
},
{
"name": "FEDORA-2021-7547ad987f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HCQTCSP6SCVIYNIRUJC5X7YBVUHPLSC4/"
},
{
"name": "FEDORA-2021-f4fd9372c7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NODWHDIFBQE5RU5PUWUVE47JOT5VCMJ2/"
},
{
"name": "FEDORA-2021-3352c1c802",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MP572OLHMS7MZO4KUPSCIMSZIA5IZZ62/"
},
{
"name": "[mina-dev] 20210225 [jira] [Created] (FTPSERVER-500) Security vulnerability in common/lib/log4j-1.2.17.jar",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772%40%3Cdev.mina.apache.org%3E"
},
{
"name": "FEDORA-2021-907f3bacae",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FONHJIOZOFD7CD35KZL6SVBUTMBPGZGA/"
},
{
"name": "[debian-lts-announce] 20210405 [SECURITY] [DLA 2619-1] python3.5 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://news.ycombinator.com/item?id=26185005"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210226-0003/"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "[debian-lts-announce] 20220212 [SECURITY] [DLA 2919-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00013.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3177",
"datePublished": "2021-01-19T00:00:00.000Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2025-12-18T15:03:34.545Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2020-8492 (GCVE-0-2020-8492)
Vulnerability from cvelistv5 – Published: 2020-01-30 00:00 – Updated: 2024-08-04 10:03
VLAI?
EPSS
Summary
Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T10:03:45.890Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue39503"
},
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/18284"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200221-0001/"
},
{
"name": "openSUSE-SU-2020:0274",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html"
},
{
"name": "USN-4333-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4333-1/"
},
{
"name": "USN-4333-2",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4333-2/"
},
{
"name": "GLSA-202005-09",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-09"
},
{
"name": "FEDORA-2020-98e0f0f11b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/"
},
{
"name": "FEDORA-2020-6a88dad4a0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/"
},
{
"name": "FEDORA-2020-8bdd3fd7a4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/"
},
{
"name": "FEDORA-2020-ea5bdbcc90",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/"
},
{
"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"
},
{
"name": "[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server to conduct Regular Expression Denial of Service (ReDoS) attacks against a client because of urllib.request.AbstractBasicAuthHandler catastrophic backtracking."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugs.python.org/issue39503"
},
{
"url": "https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html"
},
{
"url": "https://github.com/python/cpython/pull/18284"
},
{
"url": "https://security.netapp.com/advisory/ntap-20200221-0001/"
},
{
"name": "openSUSE-SU-2020:0274",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00003.html"
},
{
"name": "USN-4333-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4333-1/"
},
{
"name": "USN-4333-2",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4333-2/"
},
{
"name": "GLSA-202005-09",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202005-09"
},
{
"name": "FEDORA-2020-98e0f0f11b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APGWEMYZIY5VHLCSZ3HD67PA5Z2UQFGH/"
},
{
"name": "FEDORA-2020-6a88dad4a0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WOKDEXLYW5UQ4S7PA7E37IITOC7C56J/"
},
{
"name": "FEDORA-2020-8bdd3fd7a4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UESGYI5XDAHJBATEZN3MHNDUBDH47AS6/"
},
{
"name": "FEDORA-2020-ea5bdbcc90",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A5NSAX4SC3V64PGZUPH7PRDLSON34Q5A/"
},
{
"name": "[debian-lts-announce] 20200715 [SECURITY] [DLA 2280-1] python3.5 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00011.html"
},
{
"name": "[cassandra-commits] 20210816 [jira] [Created] (CASSANDRA-16857) Security vulnerability CVE-2020-8492",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rdb31a608dd6758c6093fd645aea3fbf022dd25b37109b6aaea5bc0b5%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[cassandra-commits] 20210816 [jira] [Updated] (CASSANDRA-16857) Security vulnerability CVE-2020-8492",
"tags": [
"mailing-list"
],
"url": "https://lists.apache.org/thread.html/rfec113c733162b39633fd86a2d0f34bf42ac35f711b3ec1835c774da%40%3Ccommits.cassandra.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-8492",
"datePublished": "2020-01-30T00:00:00",
"dateReserved": "2020-01-30T00:00:00",
"dateUpdated": "2024-08-04T10:03:45.890Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-26116 (GCVE-0-2020-26116)
Vulnerability from cvelistv5 – Published: 2020-09-27 00:00 – Updated: 2024-08-04 15:49
VLAI?
EPSS
Summary
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:49:07.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/http-header-injection-method.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue39603"
},
{
"name": "FEDORA-2020-221823ebdd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/"
},
{
"name": "FEDORA-2020-887d3fa26f",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/"
},
{
"name": "FEDORA-2020-d30881c970",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"
},
{
"name": "USN-4581-1",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4581-1/"
},
{
"name": "FEDORA-2020-e33acdea18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/"
},
{
"name": "openSUSE-SU-2020:1859",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html"
},
{
"name": "FEDORA-2020-d42cb01973",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/"
},
{
"name": "[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html"
},
{
"name": "GLSA-202101-18",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-18"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201023-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-24T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://python-security.readthedocs.io/vuln/http-header-injection-method.html"
},
{
"url": "https://bugs.python.org/issue39603"
},
{
"name": "FEDORA-2020-221823ebdd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BW4GCLQISJCOEGQNIMVUZDQMIY6RR6CC/"
},
{
"name": "FEDORA-2020-887d3fa26f",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JWMAVY4T4257AZHTF2RZJKNJNSJFY24O/"
},
{
"name": "FEDORA-2020-d30881c970",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OXI72HIHMXCQFWTULUXDG7VDA2BCYL4Y/"
},
{
"name": "USN-4581-1",
"tags": [
"vendor-advisory"
],
"url": "https://usn.ubuntu.com/4581-1/"
},
{
"name": "FEDORA-2020-e33acdea18",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HDQ2THWU4GPV4Y5H5WW5PFMSWXL2CRFD/"
},
{
"name": "openSUSE-SU-2020:1859",
"tags": [
"vendor-advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00027.html"
},
{
"name": "FEDORA-2020-d42cb01973",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QOX7DGMMWWL6POCRYGAUCISOLR2IG3XV/"
},
{
"name": "[debian-lts-announce] 20201119 [SECURITY] [DLA 2456-1] python3.5 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00032.html"
},
{
"name": "GLSA-202101-18",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202101-18"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20201023-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-26116",
"datePublished": "2020-09-27T00:00:00",
"dateReserved": "2020-09-27T00:00:00",
"dateUpdated": "2024-08-04T15:49:07.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-21903 (GCVE-0-2026-21903)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:18 – Updated: 2026-01-15 21:12
VLAI?
EPSS
Title
Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash
Summary
A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker, authenticated with low privileges to cause a Denial-of-Service (DoS).
Subscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.
The issue was not seen when YANG packages for the specific sensors were installed.
This issue affects Junos OS:
* all versions before 22.4R3-S7,
* 23.2 version before 23.2R2-S4,
* 23.4 versions before 23.4R2.
Severity ?
CWE
- CWE-121 - Stack-based Buffer Overflow
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S7
(semver)
Affected: 23.2 , < 23.2R2-S4 (semver) Affected: 23.4 , < 23.4R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21903",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T21:12:00.833031Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T21:12:08.631Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S7",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S4",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A device is only exposed to this issue if GRPC services are configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services extension-service request-response grpc ]\u003c/tt\u003e"
}
],
"value": "A device is only exposed to this issue if GRPC services are configured:\n\n[ system services extension-service request-response grpc ]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eauthenticated\u003c/span\u003e\u0026nbsp;with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSubscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.\u003cbr\u003eThe issue was not seen when YANG packages for the specific sensors were installed. \u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S7,\u003c/li\u003e\u003cli\u003e23.2 version before 23.2R2-S4,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "A Stack-based Buffer Overflow vulnerability in the Packet Forwarding Engine (pfe) of Juniper Networks Junos OS allows a network-based attacker,\u00a0authenticated\u00a0with low privileges to cause a Denial-of-Service (DoS).\n\n\n\nSubscribing to telemetry sensors at scale causes all FPC connections to drop, resulting in an FPC crash and restart.\nThe issue was not seen when YANG packages for the specific sensors were installed. \n\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S7,\n * 23.2 version before 23.2R2-S4,\n * 23.4 versions before 23.4R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:18:36.767Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106022"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106022"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S4, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S7, 23.2R2-S4, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106022",
"defect": [
"1811989"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: Subscribing to telemetry sensors at scale causes all FPCs to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21903",
"datePublished": "2026-01-15T20:18:36.767Z",
"dateReserved": "2026-01-05T17:32:48.709Z",
"dateUpdated": "2026-01-15T21:12:08.631Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3737 (GCVE-0-2021-3737)
Vulnerability from cvelistv5 – Published: 2022-03-04 00:00 – Updated: 2025-12-17 21:32
VLAI?
EPSS
Summary
A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability.
Severity ?
7.5 (High)
CWE
- CWE-835 - - Loop with Unreachable Exit Condition ('Infinite Loop'), CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:09.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue44022"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/25916"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/26503"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3737"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0009/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3737",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-17T21:32:43.233615Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-17T21:32:47.732Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.11, python v3.9.6, python v3.10.0b2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker, who controls the HTTP server, to make the client script enter an infinite loop, consuming CPU time. The highest threat from this vulnerability is to system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 - Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027), CWE-400 - Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue44022"
},
{
"url": "https://github.com/python/cpython/pull/25916"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995162"
},
{
"url": "https://github.com/python/cpython/pull/26503"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3737"
},
{
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"url": "https://python-security.readthedocs.io/vuln/urllib-100-continue-loop.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0009/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3737",
"datePublished": "2022-03-04T00:00:00.000Z",
"dateReserved": "2021-08-26T00:00:00.000Z",
"dateUpdated": "2025-12-17T21:32:47.732Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21914 (GCVE-0-2026-21914)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:25 – Updated: 2026-01-15 20:44
VLAI?
EPSS
Title
Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash
Summary
An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).
If an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.
This issue affects Junos OS on SRX Series:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2-S6,
* 24.2 versions before 24.2R2-S3,
* 24.4 versions before 24.4R2-S2,
* 25.2 versions before 25.2R1-S1, 25.2R2.
Severity ?
CWE
- CWE-667 - Improper Locking
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S8
(semver)
Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S3 (semver) Affected: 24.4 , < 24.4R2-S2 (semver) Affected: 25.2 , < 25.2R1-S1, 25.2R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21914",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T20:44:24.800966Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:44:30.550Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S3",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-S2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R1-S1, 25.2R2",
"status": "affected",
"version": "25.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "To be exposed to this issue the device needs to be configured with a GTP profile as follows:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ security policies ... policy \u0026lt;policy-name\u0026gt; then permit application-services gtp-profile \u0026lt;profile-name\u0026gt; ]\u003c/tt\u003e"
}
],
"value": "To be exposed to this issue the device needs to be configured with a GTP profile as follows:\n\n[ security policies ... policy \u003cpolicy-name\u003e then permit application-services gtp-profile \u003cprofile-name\u003e ]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\u003cbr\u003e\u003cbr\u003eIf an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.\u003cbr\u003e\u003cbr\u003eThis issue affects Junos OS on SRX Series:\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-S6,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S3,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2-S2,\u003c/li\u003e\u003cli\u003e25.2 versions before 25.2R1-S1, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003e\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "An Improper Locking vulnerability in the GTP plugin of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (Dos).\n\nIf an SRX Series device receives a specifically malformed GPRS Tunnelling Protocol (GTP) Modify Bearer Request message, a lock is acquired and never released. This results in other threads not being able to acquire a lock themselves, causing a watchdog timeout leading to FPC crash and restart. This issue leads to a complete traffic outage until the device has automatically recovered.\n\nThis issue affects Junos OS on SRX Series:\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2-S6,\n * 24.2 versions before 24.2R2-S3,\n * 24.4 versions before 24.4R2-S2,\n * 25.2 versions before 25.2R1-S1, 25.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-667",
"description": "CWE-667 Improper Locking",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:25:35.725Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106015"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106015"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S2, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106015",
"defect": [
"1882028"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series: A specifically malformed GTP message will cause an FPC crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21914",
"datePublished": "2026-01-15T20:25:35.725Z",
"dateReserved": "2026-01-05T17:32:48.711Z",
"dateUpdated": "2026-01-15T20:44:30.550Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21909 (GCVE-0-2026-21909)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:22 – Updated: 2026-01-15 20:52
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.
Memory usage can be monitored through the use of the 'show task memory detail' command. For example:
user@junos> show task memory detail | match ted-infra
TED-INFRA-COOKIE 25 1072 28 1184 229
user@junos>
show task memory detail | match ted-infra
TED-INFRA-COOKIE 31 1360 34 1472 307
This issue affects:
Junos OS:
* from 23.2 before 23.2R2,
* from 23.4 before 23.4R1-S2, 23.4R2,
* from 24.1 before 24.1R2;
Junos OS Evolved:
* from 23.2 before 23.2R2-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,
* from 24.1 before 24.1R2-EVO.
This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.
Severity ?
CWE
- CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
23.2 , < 23.2R2
(semver)
Affected: 23.4 , < 23.4R1-S2, 23.4R2 (semver) Affected: 24.1 , < 24.1R2 (semver) Unaffected: 0 , < 23.2R1 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21909",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T20:52:37.531214Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:52:42.400Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2, 23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.1R2",
"status": "affected",
"version": "24.1",
"versionType": "semver"
},
{
"lessThan": "23.2R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.1R2-EVO",
"status": "affected",
"version": "24.1",
"versionType": "semver"
},
{
"lessThan": "23.2R1-EVO",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue affects systems with IS-IS configured. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[protocols isis interface lo.0 ...]\u003cbr\u003e\n\n[protocols isis interface \u0026lt;interface\u0026gt; ...]\u003cbr\u003e[interfaces \u0026lt;interface\u0026gt; unit \u0026lt;n\u0026gt; family iso]\u003c/tt\u003e"
}
],
"value": "This issue affects systems with IS-IS configured. For example:\n\n[protocols isis interface lo.0 ...]\n\n\n[protocols isis interface \u003cinterface\u003e ...]\n[interfaces \u003cinterface\u003e unit \u003cn\u003e family iso]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak.\u0026nbsp;Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.\u003cbr\u003e\u003cbr\u003eMemory usage can be monitored through the use of the \u0027show task memory detail\u0027 command. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003euser@junos\u0026gt; show task memory detail | match ted-infra\u003cbr\u003e\u0026nbsp; TED-INFRA-COOKIE \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; 25 \u0026nbsp; 1072 \u0026nbsp; \u0026nbsp; 28 \u0026nbsp; 1184 \u0026nbsp; \u0026nbsp; 229\u003cbr\u003e\u003c/tt\u003e\u003cbr\u003e\n\n\u003ctt\u003euser@junos\u0026gt; \n\nshow task memory detail | match ted-infra\u003cbr\u003e\u0026nbsp; TED-INFRA-COOKIE \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u0026nbsp; \u003cb\u003e\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e31\u003c/span\u003e\u003c/b\u003e \u0026nbsp; \u003cb\u003e\u003cspan style=\"background-color: rgb(239, 250, 102);\"\u003e1360\u003c/span\u003e\u003c/b\u003e \u0026nbsp; \u0026nbsp; 34 \u0026nbsp; 1472 \u0026nbsp; \u0026nbsp; 307\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.2 before 23.2R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2, 23.4R2,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.1 before 24.1R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.2 before 23.2R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.1 before 24.1R2-EVO.\u003c/li\u003e\u003c/ul\u003eThis issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO."
}
],
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak.\u00a0Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.\n\nMemory usage can be monitored through the use of the \u0027show task memory detail\u0027 command. For example:\n\nuser@junos\u003e show task memory detail | match ted-infra\n\u00a0 TED-INFRA-COOKIE \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 25 \u00a0 1072 \u00a0 \u00a0 28 \u00a0 1184 \u00a0 \u00a0 229\n\n\n\nuser@junos\u003e \n\nshow task memory detail | match ted-infra\n\u00a0 TED-INFRA-COOKIE \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 31 \u00a0 1360 \u00a0 \u00a0 34 \u00a0 1472 \u00a0 \u00a0 307\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n * from 23.2 before 23.2R2,\u00a0\n * from 23.4 before 23.4R1-S2, 23.4R2,\u00a0\n * from 24.1 before 24.1R2;\u00a0\n\n\nJunos OS Evolved:\u00a0\n\n * from 23.2 before 23.2R2-EVO,\u00a0\n * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,\u00a0\n * from 24.1 before 24.1R2-EVO.\n\n\nThis issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-401",
"description": "CWE-401 Missing Release of Memory after Effective Lifetime",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:22:44.674Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106008"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106008"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS:\u0026nbsp;23.2R2, 23.4R1-S2, 23.4R2, 24.1R2, 24.2R1\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e, and all subsequent releases.\u003c/span\u003e\n\n\u003cbr\u003e Junos OS Evolved:\u0026nbsp;23.2R2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.1R2-EVO, 24.2R1-EVO,\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eand all subsequent releases.\u003c/span\u003e\n\n\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS:\u00a023.2R2, 23.4R1-S2, 23.4R2, 24.1R2, 24.2R1, and all subsequent releases.\n\n\n Junos OS Evolved:\u00a023.2R2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.1R2-EVO, 24.2R1-EVO,\u00a0and all subsequent releases."
}
],
"source": {
"advisory": "JSA106008",
"defect": [
"1793982"
],
"discovery": "USER"
},
"title": "Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21909",
"datePublished": "2026-01-15T20:22:44.674Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-15T20:52:42.400Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21908 (GCVE-0-2026-21908)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:21 – Updated: 2026-01-16 04:55
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemon can cause crash of the dot1xd process
Summary
A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root.
The issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker's direct control due to the specific timing of the two events required to execute the vulnerable code path.
This issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled.
This issue affects:
Junos OS:
* from 23.2R2-S1 before 23.2R2-S5,
* from 23.4R2 before 23.4R2-S6,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S1,
* from 25.2 before 25.2R1-S2, 25.2R2;
Junos OS Evolved:
* from 23.2R2-S1 before 23.2R2-S5-EVO,
* from 23.4R2 before 23.4R2-S6-EVO,
* from 24.2 before 24.2R2-S3-EVO,
* from 24.4 before 24.4R2-S1-EVO,
* from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
23.2R2-S1 , < 23.2R2-S5
(semver)
Affected: 23.4R2 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S3 (semver) Affected: 24.4 , < 24.4R2-S1 (semver) Affected: 25.2 , < 25.2R1-S2, 25.2R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21908",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T04:55:55.090Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2R2-S1",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4R2",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S3",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-S1",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R1-S2, 25.2R2",
"status": "affected",
"version": "25.2",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.2R2-S5-EVO",
"status": "affected",
"version": "23.2R2-S1",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6-EVO",
"status": "affected",
"version": "23.4R2",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S3-EVO",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-S1-EVO",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R1-S2-EVO, 25.2R2-EVO",
"status": "affected",
"version": "25.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue requires support for 802.1X be enabled. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[protocols dot1x authenticator ...]\u003c/tt\u003e"
}
],
"value": "This issue requires support for 802.1X be enabled. For example:\n\n[protocols dot1x authenticator ...]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of\u0026nbsp;Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root.\u003cbr\u003e\u003cbr\u003eThe issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker\u0027s direct control due to the specific timing of the two events required to execute the vulnerable code path.\u003cbr\u003e\u003cbr\u003eThis issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled.\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003eJunos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.2R2-S1 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4R2 before 23.4R2-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S2, 25.2R2;\u0026nbsp;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003efrom 23.2R2-S1 before 23.2R2-S5-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4R2 before 23.4R2-S6-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-S1-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Use After Free vulnerability was identified in the 802.1X authentication daemon (dot1xd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved that could allow an authenticated, network-adjacent attacker flapping a port to crash the dot1xd process, leading to a Denial of Service (DoS), or potentially execute arbitrary code within the context of the process running as root.\n\nThe issue is specific to the processing of a change in authorization (CoA) when a port bounce occurs. A pointer is freed but was then referenced later in the same code path. Successful exploitation is outside the attacker\u0027s direct control due to the specific timing of the two events required to execute the vulnerable code path.\n\nThis issue affects systems with 802.1X authentication port-based network access control (PNAC) enabled.\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * from 23.2R2-S1 before 23.2R2-S5,\u00a0\n * from 23.4R2 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2-S1,\u00a0\n * from 25.2 before 25.2R1-S2, 25.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * from 23.2R2-S1 before 23.2R2-S5-EVO,\u00a0\n * from 23.4R2 before 23.4R2-S6-EVO,\u00a0\n * from 24.2 before 24.2R2-S3-EVO,\u00a0\n * from 24.4 before 24.4R2-S1-EVO,\u00a0\n * from 25.2 before 25.2R1-S2-EVO, 25.2R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "ADJACENT",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "GREEN",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:L/RE:M/U:Green",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:21:41.576Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106007"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106007"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.\u003cbr\u003eJunos OS Evolved:\u0026nbsp;23.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S3-EVO, 24.4R2-S1-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO,"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S2, 25.2R2, 25.4R1, and all subsequent releases.\nJunos OS Evolved:\u00a023.2R2-S5-EVO, 23.4R2-S6-EVO, 24.2R2-S3-EVO, 24.4R2-S1-EVO, 25.2R1-S2-EVO, 25.2R2-EVO, 25.4R1-EVO,"
}
],
"source": {
"advisory": "JSA106007",
"defect": [
"1896371"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Use after free vulnerability In 802.1X authentication daemon can cause crash of the dot1xd process",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21908",
"datePublished": "2026-01-15T20:21:41.576Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-16T04:55:55.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-3733 (GCVE-0-2021-3733)
Vulnerability from cvelistv5 – Published: 2022-03-07 00:00 – Updated: 2025-11-03 21:45
VLAI?
EPSS
Summary
There's a flaw in urllib's AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability.
Severity ?
No CVSS data available.
CWE
- CWE-400 - - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:06.299Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugs.python.org/issue43075"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/pull/24391"
},
{
"tags": [
"x_transferred"
],
"url": "https://ubuntu.com/security/CVE-2021-3733"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "python",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in python v3.6.14, python v3.7.11, python v3.8.10, python v3.9.5."
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There\u0027s a flaw in urllib\u0027s AbstractBasicAuthHandler class. An attacker who controls a malicious HTTP server that an HTTP client (such as web browser) connects to, could trigger a Regular Expression Denial of Service (ReDOS) during an authentication request with a specially crafted payload that is sent by the server to the client. The greatest threat that this flaw poses is to application availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 - Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-30T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"url": "https://bugs.python.org/issue43075"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1995234"
},
{
"url": "https://github.com/python/cpython/pull/24391"
},
{
"url": "https://ubuntu.com/security/CVE-2021-3733"
},
{
"url": "https://github.com/python/cpython/commit/7215d1ae25525c92b026166f9d5cac85fb"
},
{
"url": "https://security.netapp.com/advisory/ntap-20220407-0001/"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2021-3733",
"datePublished": "2022-03-07T00:00:00.000Z",
"dateReserved": "2021-08-23T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:06.299Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21905 (GCVE-0-2026-21905)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:19 – Updated: 2026-01-16 16:26
VLAI?
EPSS
Title
Junos OS: SRX Series, MX Series with MX-SPC3 or MS-MPC: Receipt of multiple specific SIP messages results in flow management process crash
Summary
A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).
On SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.
This issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.
This issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:
* all versions before 21.2R3-S10,
* from 21.4 before 21.4R3-S12,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S1,
* from 25.2 before 25.2R1-S1, 25.2R2.
Severity ?
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.2R3-S10
(semver)
Affected: 21.4 , < 21.4R3-S12 (semver) Affected: 22.4 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S6 (semver) Affected: 24.2 , < 24.2R2-S3 (semver) Affected: 24.4 , < 24.4R2-S1 (semver) Affected: 25.2 , < 25.2R1-S1, 25.2R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21905",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:25:54.871316Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T16:26:02.071Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series",
"MX Series with MX-SPC3",
"MX Series with MS-MPC"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.2R3-S10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "21.4R3-S12",
"status": "affected",
"version": "21.4",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S6",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S3",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-S1",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R1-S1, 25.2R2",
"status": "affected",
"version": "25.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The SIP ALG must be enabled to be vulnerable to this issue. The SIP ALG is enabled by default on MX-SPC3 and some SRX Series platforms. For other platforms, the following configuration is required:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[security alg sip enable]\u003c/span\u003e\u003c/tt\u003e\u003cbr\u003e\n\u003cbr\u003eOn SRX Series and MX Series with MX-SPC3, the SIP ALG status can be confirmed via the \u0027show security alg status\u0027 command:\u003cbr\u003e\n\u003cbr\u003e\n\u003ctt\u003euser@junos\u0026gt; show security alg status\u003c/tt\u003e\u003cbr\u003e\n\u003ctt\u003eALG Status:\u003c/tt\u003e\u003cbr\u003e\n...\u003cbr\u003e\n\u003ctt\u003e\u0026nbsp; SIP \u0026nbsp; \u0026nbsp; : Enabled\u003c/tt\u003e\u003cbr\u003e"
}
],
"value": "The SIP ALG must be enabled to be vulnerable to this issue. The SIP ALG is enabled by default on MX-SPC3 and some SRX Series platforms. For other platforms, the following configuration is required:\n\n\n\n[security alg sip enable]\n\n\nOn SRX Series and MX Series with MX-SPC3, the SIP ALG status can be confirmed via the \u0027show security alg status\u0027 command:\n\n\n\nuser@junos\u003e show security alg status\n\nALG Status:\n\n...\n\n\u00a0 SIP \u00a0 \u00a0 : Enabled"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003eOn SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.\u003cbr\u003e\u003cbr\u003eThis issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.2R3-S10,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 21.4 before 21.4R3-S12,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S6,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027) vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).\n\nOn SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.\n\nThis issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.\n\nThis issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:\n\n\n\n * all versions before 21.2R3-S10,\u00a0\n * from 21.4 before 21.4R3-S12,\u00a0\n * from 22.4 before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S5,\u00a0\n * from 23.4 before 23.4R2-S6,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2-S1,\u00a0\n * from 25.2 before 25.2R1-S1, 25.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:19:22.158Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106004"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106004"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.2R3-S10, 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S6, 24.2R2-S3, 24.4R2-S1, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106004",
"defect": [
"1876029"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series, MX Series with MX-SPC3 or MS-MPC: Receipt of multiple specific SIP messages results in flow management process crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Where practical, use a firewall filter to limit SIP traffic over TCP.\u003cbr\u003e\u003cbr\u003eAlternately, if the SIP ALG is not required, it can be explicitly disabled on SRX Series and MX Series with MX-SPC3 via:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e# set security alg sip disable\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "Where practical, use a firewall filter to limit SIP traffic over TCP.\n\nAlternately, if the SIP ALG is not required, it can be explicitly disabled on SRX Series and MX Series with MX-SPC3 via:\n\n# set security alg sip disable"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21905",
"datePublished": "2026-01-15T20:19:22.158Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-16T16:26:02.071Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21920 (GCVE-0-2026-21920)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:28 – Updated: 2026-01-15 20:59
VLAI?
EPSS
Title
Junos OS: SRX Series: If a specific request is processed by the DNS subsystem flowd will crash
Summary
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.
This issue affects Junos OS on SRX Series:
* 23.4 versions before 23.4R2-S5,
* 24.2 versions before 24.2R2-S1,
* 24.4 versions before 24.4R2.
This issue does not affect Junos OS versions before 23.4R1.
Severity ?
CWE
- CWE-252 - Unchecked Return Value
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
23.4 , < 23.4R2-S5
(semver)
Affected: 24.2 , < 24.2R2-S1 (semver) Affected: 24.4 , < 24.4R2 (semver) Unaffected: 0 , < 23.4R1 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21920",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T20:58:50.543674Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:59:21.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "23.4R2-S5",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S1",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "23.4R1",
"status": "unaffected",
"version": "0",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA device is exposed to this issue when one of the following features are used / configurations are present:\u003cbr\u003e\u003cbr\u003e- GeoIP:\u003cbr\u003e\u003c/span\u003e\u003ctt\u003e\u003ctt\u003e\u003ctt\u003e\u003c/tt\u003e\u003cbr\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[ security dynamic-address address-name \u0026lt;name\u0026gt; profile category GeoIP ... ]\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003c/tt\u003e\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003e- DNS security:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u003ctt\u003e\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[\u0026nbsp;services security-metadata-streaming policy \u0026lt;name\u0026gt; dns detections ... ]\u003cbr\u003e\u003cbr\u003eor\u003cbr\u003e\u003cbr\u003e[ services security-intelligence profile \u0026lt;profile-name\u0026gt; category DNS ]\u003cbr\u003e[ services security-intelligence profile policy \u0026lt;policy-name\u0026gt; DNS \u0026lt;profile-name\u0026gt; ]\u003cbr\u003e\u003c/span\u003e\u003c/tt\u003e\u003ctt\u003e\u003ctt\u003e\u003ctt\u003e\u003cbr\u003e\u003ctt\u003e\n\n\u003c/tt\u003e\u003c/tt\u003e\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e\u003c/tt\u003e\u003c/tt\u003e\u003c/tt\u003e\u003ctt\u003e\u003c/tt\u003e"
}
],
"value": "A device is exposed to this issue when one of the following features are used / configurations are present:\n\n- GeoIP:\n\n[ security dynamic-address address-name \u003cname\u003e profile category GeoIP ... ]\n\n\n- DNS security:\n\n[\u00a0services security-metadata-streaming policy \u003cname\u003e dns detections ... ]\n\nor\n\n[ services security-intelligence profile \u003cprofile-name\u003e category DNS ]\n[ services security-intelligence profile policy \u003cpolicy-name\u003e DNS \u003cprofile-name\u003e ]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\u003c/span\u003e\u003cbr\u003e\n\n\u003cbr\u003e\u003cbr\u003eIf an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003e23.4 versions before 23.4R2-S5,\u003c/li\u003e\u003cli\u003e24.2 versions before 24.2R2-S1,\u003c/li\u003e\u003cli\u003e24.4 versions before 24.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n\u003cp\u003eThis issue does not affect Junos OS versions before 23.4R1.\u003c/p\u003e"
}
],
"value": "An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).\n\n\n\n\nIf an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.\n\nThis issue affects Junos OS on SRX Series:\n\n\n\n * 23.4 versions before 23.4R2-S5,\n * 24.2 versions before 24.2R2-S1,\n * 24.4 versions before 24.4R2.\n\n\n\n\n\n\nThis issue does not affect Junos OS versions before 23.4R1."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-252",
"description": "CWE-252 Unchecked Return Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:28:10.526Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106020"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106020"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S5, 24.2R2-S1, 24.4R2, 24.4R2-S1, 25.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 23.4R2-S5, 24.2R2-S1, 24.4R2, 24.4R2-S1, 25.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106020",
"defect": [
"1851909"
],
"discovery": "USER"
},
"title": "Junos OS: SRX Series: If a specific request is processed by the DNS subsystem flowd will crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21920",
"datePublished": "2026-01-15T20:28:10.526Z",
"dateReserved": "2026-01-05T17:32:48.712Z",
"dateUpdated": "2026-01-15T20:59:21.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2022-45061 (GCVE-0-2022-45061)
Vulnerability from cvelistv5 – Published: 2022-11-09 00:00 – Updated: 2025-11-03 21:46
VLAI?
EPSS
Summary
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.
Severity ?
7.5 (High)
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:46:44.155Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/python/cpython/issues/98433"
},
{
"name": "FEDORA-2022-45d2cfdfa4",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"
},
{
"name": "FEDORA-2022-3e859b6bc6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"
},
{
"name": "FEDORA-2022-e1ce71ff40",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"
},
{
"name": "FEDORA-2022-fdb2739feb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20221209-0007/"
},
{
"name": "FEDORA-2022-6f4e6120d7",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"
},
{
"name": "FEDORA-2022-e6d0495206",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"
},
{
"name": "FEDORA-2022-6d51289820",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"
},
{
"name": "FEDORA-2022-50deb53896",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"
},
{
"name": "FEDORA-2022-93c6916349",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"
},
{
"name": "FEDORA-2022-18b234c18b",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"
},
{
"name": "FEDORA-2022-de755fd092",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"
},
{
"name": "FEDORA-2022-fd3771db30",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"
},
{
"name": "FEDORA-2022-6b8b96f883",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"
},
{
"name": "FEDORA-2022-3d7e44dbd5",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"
},
{
"name": "FEDORA-2022-b2f06fbb62",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"
},
{
"name": "FEDORA-2022-6ba889e0e3",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"
},
{
"name": "FEDORA-2022-dbb811d203",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"
},
{
"name": "FEDORA-2022-e699dd5247",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"
},
{
"name": "FEDORA-2022-fbf6a320fe",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"
},
{
"name": "FEDORA-2022-bcf089dd07",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"
},
{
"name": "FEDORA-2023-a990c93ed0",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"
},
{
"name": "FEDORA-2023-78b4ce2f23",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"
},
{
"name": "FEDORA-2023-af5206f71d",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
},
{
"name": "FEDORA-2023-943556a733",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"
},
{
"name": "FEDORA-2023-097dd40685",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
},
{
"name": "FEDORA-2023-f1381c83af",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"name": "FEDORA-2023-129178fd27",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"
},
{
"name": "FEDORA-2023-c43a940a93",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"
},
{
"name": "FEDORA-2023-5460cf6dfb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-45061",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-01T14:24:06.327776Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407 Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-01T14:24:40.478Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-15T21:07:33.878Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/python/cpython/issues/98433"
},
{
"name": "FEDORA-2022-45d2cfdfa4",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/"
},
{
"name": "FEDORA-2022-3e859b6bc6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/"
},
{
"name": "FEDORA-2022-e1ce71ff40",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/"
},
{
"name": "FEDORA-2022-fdb2739feb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20221209-0007/"
},
{
"name": "FEDORA-2022-6f4e6120d7",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB5YCMIRVX35RUB6XPOWKENCVCJEVDRK/"
},
{
"name": "FEDORA-2022-e6d0495206",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PLQ2BNZVBBAQPV3SPRU24ZD37UYJJS7W/"
},
{
"name": "FEDORA-2022-6d51289820",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMDX6IFKLOA3NXUQEV524L5LHTPI2JI/"
},
{
"name": "FEDORA-2022-50deb53896",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/63FS6VHY4DCS74HBTEINUDOECQ2X6ZCH/"
},
{
"name": "FEDORA-2022-93c6916349",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ORVCQGJCCAVLN4DJDTWGREFCUWXKQRML/"
},
{
"name": "FEDORA-2022-18b234c18b",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T3D5TX4TDJPXHXD2QICKTY3OCQC3JARP/"
},
{
"name": "FEDORA-2022-de755fd092",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JCDJXNBHWXNYUTOEV4H2HCFSRKV3SYL3/"
},
{
"name": "FEDORA-2022-fd3771db30",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RH57BNT4VQERGEJ5SXNXSVMDYP66YD4H/"
},
{
"name": "FEDORA-2022-6b8b96f883",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKWAMPURWUV3DCCT4J7VHRF4NT2CFVBR/"
},
{
"name": "FEDORA-2022-3d7e44dbd5",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/35YDIWCUMWTMDBWFRAVENFH6BLB65D6S/"
},
{
"name": "FEDORA-2022-b2f06fbb62",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPNWZKXPKTNHS5FVMN7UQZ2UPCSEFJUK/"
},
{
"name": "FEDORA-2022-6ba889e0e3",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B3YI6JYARWU6GULWOHNUROSACT54XFFS/"
},
{
"name": "FEDORA-2022-dbb811d203",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KNE4GMD45RGC2HWUAAIGTDHT5VJ2E4O4/"
},
{
"name": "FEDORA-2022-e699dd5247",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JTYVESWVBPD57ZJC35G5722Q6TS37WSB/"
},
{
"name": "FEDORA-2022-fbf6a320fe",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHVW73QZJMHA4MK7JBT7CXX7XSNYQEGF/"
},
{
"name": "FEDORA-2022-bcf089dd07",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2AOUKI72ACV6CHY2QUFO6VK2DNMVJ2MB/"
},
{
"name": "FEDORA-2023-a990c93ed0",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X3EJ6J7PXVQOULBQZQGBXCXY6LFF6LZD/"
},
{
"name": "FEDORA-2023-78b4ce2f23",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XXZJL3CNAFS5PAIR7K4RL62S3Y7THR7O/"
},
{
"name": "FEDORA-2023-af5206f71d",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QLUGZSEAO3MBWGKCUSMKQIRYJZKJCIOB/"
},
{
"name": "FEDORA-2023-943556a733",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN26PWZTYG6IF3APLRXQJBVACQHZUPT2/"
},
{
"name": "FEDORA-2023-097dd40685",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RDK3ZZBRYFO47ET3N4BNTKVXN47U6ICY/"
},
{
"name": "FEDORA-2023-f1381c83af",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7WQPHKGNXUJC3TC3BDW5RKGROWRJVSFR/"
},
{
"name": "GLSA-202305-02",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-02"
},
{
"name": "[debian-lts-announce] 20230524 [SECURITY] [DLA 3432-1] python2.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00024.html"
},
{
"name": "[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"
},
{
"name": "FEDORA-2023-129178fd27",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QCKD4AFBHXIMHS64ZER2U7QRT33HNE7L/"
},
{
"name": "FEDORA-2023-c43a940a93",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BWJREJHWVRBYDP43YB5WRL3QC7UBA7BR/"
},
{
"name": "FEDORA-2023-5460cf6dfb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B4MYQ3IV6NWA4CKSXEHW45CH2YNDHEPH/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-45061",
"datePublished": "2022-11-09T00:00:00.000Z",
"dateReserved": "2022-11-09T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:46:44.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21921 (GCVE-0-2026-21921)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:28 – Updated: 2026-01-15 20:55
VLAI?
EPSS
Title
Junos OS and Junos OS Evolved: When telemetry collectors are frequently subscribing and unsubscribing to sensors chassisd or rpd will crash
Summary
A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS).
When telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered.
This issue affects:
Junos OS:
* all versions before 22.4R3-S8,
* 23.2 versions before 23.2R2-S5,
* 23.4 versions before 23.4R2;
Junos OS Evolved:
* all versions before 22.4R3-S8-EVO,
* 23.2 versions before 23.2R2-S5-EVO,
* 23.4 versions before 23.4R2-EVO.
Severity ?
CWE
- CWE-416 - Use After Free
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 22.4R3-S8
(semver)
Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2 (semver) |
|||||||
|
|||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21921",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T20:54:58.001808Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:55:25.182Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S8-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A device is only exposed to this issue if GRPC services are configured:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[ system services extension-service request-response grpc ]\u003c/tt\u003e\n\n\u003cbr\u003e"
}
],
"value": "A device is only exposed to this issue if GRPC services are configured:\n\n[ system services extension-service request-response grpc ]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS).\u003cbr\u003e\u003cbr\u003eWhen telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered.\u003cbr\u003e\u003cbr\u003e\u003cp\u003eThis issue affects:\u003c/p\u003e\u003cp\u003e\u0026nbsp;Junos OS:\u0026nbsp;\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2;\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eJunos OS Evolved:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 22.4R3-S8-EVO,\u003c/li\u003e\u003cli\u003e23.2 versions before 23.2R2-S5-EVO,\u003c/li\u003e\u003cli\u003e23.4 versions before 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "A Use After Free vulnerability in the chassis daemon (chassisd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker authenticated with low privileges to cause a Denial-of-Service (DoS).\n\nWhen telemetry collectors are frequently subscribing and unsubscribing to sensors continuously over a long period of time, telemetry-capable processes like chassisd, rpd or mib2d will crash and restart, which - depending on the process - can cause a complete outage until the system has recovered.\n\nThis issue affects:\n\n\u00a0Junos OS:\u00a0\n\n\n\n * all versions before 22.4R3-S8,\n * 23.2 versions before 23.2R2-S5,\n * 23.4 versions before 23.4R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n * all versions before 22.4R3-S8-EVO,\n * 23.2 versions before 23.2R2-S5-EVO,\n * 23.4 versions before 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "LOW",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/RE:M",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:28:29.656Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106021"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106021"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003eJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-EVO, 24.2R1-EVO,\u0026nbsp;and all subsequent releases;\u003cbr\u003eJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue:\nJunos OS Evolved: 22.4R3-S8-EVO, 23.2R2-S5-EVO, 23.4R2-EVO, 24.2R1-EVO,\u00a0and all subsequent releases;\nJunos OS: 22.4R3-S8, 23.2R2-S5, 23.4R2, 24.2R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106021",
"defect": [
"1791928"
],
"discovery": "INTERNAL"
},
"title": "Junos OS and Junos OS Evolved: When telemetry collectors are frequently subscribing and unsubscribing to sensors chassisd or rpd will crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue."
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21921",
"datePublished": "2026-01-15T20:28:29.656Z",
"dateReserved": "2026-01-05T17:32:48.712Z",
"dateUpdated": "2026-01-15T20:55:25.182Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21911 (GCVE-0-2026-21911)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:23 – Updated: 2026-01-15 20:51
VLAI?
EPSS
Title
Junos OS Evolved: Flapping management interface causes MAC learning on label-switched interfaces to stop
Summary
An Incorrect Calculation vulnerability in the Layer 2 Control
Protocol
Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces (LSI) to stop while generating a flood of logs, resulting in high CPU usage.
When the issue is seen, the following log message will be generated:
op:1 flag:0x6 mac:xx:xx:xx:xx:xx:xx bd:2 ifl:13302 reason:0(REASON_NONE) i-op:6(INTRNL_OP_HW_FORCE_DELETE) status:10 lstatus:10 err:26(GETIFBD_VALIDATE_FAILED) err-reason 4(IFBD_VALIDATE_FAIL_EPOCH_MISMATCH) hw_wr:0x4 ctxsync:0 fwdsync:0 rtt-id:51 p_ifl:0 fwd_nh:0 svlbnh:0 event:- smask:0x100000000 dmask:0x0 mplsmask 0x1 act:0x5800 extf:0x0 pfe-id 0 hw-notif-ifl 13302 programmed-ifl 4294967295 pseudo-vtep underlay-ifl-idx 0 stack:GET_MAC, ALLOCATE_MAC, GET_IFL, GET_IFF, GET_IFBD, STOP,
This issue affects Junos OS Evolved:
* all versions before 21.4R3-S7-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S2-EVO,
* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.
Severity ?
CWE
- CWE-682 - Incorrect Calculation
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS Evolved |
Affected:
0 , < 21.4R3-S7-EVO
(semver)
Affected: 22.2 , < 22.2R3-S4-EVO (semver) Affected: 22.3 , < 22.3R3-S3-EVO (semver) Affected: 22.4 , < 22.4R3-S2-EVO (semver) Affected: 23.2 , < 23.2R2-S1-EVO (semver) Affected: 23.4 , < 23.4R1-S2-EVO, 23.4R2-EVO (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21911",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-15T20:51:26.965443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:51:32.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S7-EVO",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.2R3-S4-EVO",
"status": "affected",
"version": "22.2",
"versionType": "semver"
},
{
"lessThan": "22.3R3-S3-EVO",
"status": "affected",
"version": "22.3",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S2-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S1-EVO",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R1-S2-EVO, 23.4R2-EVO",
"status": "affected",
"version": "23.4",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue affects label-switched interfaces configured for VPLS. For example:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e[routing-instances \u0026lt;name\u0026gt; instance-type vpls]\u003cbr\u003e[routing-instances \u0026lt;name\u0026gt; protocols vpls]\u003c/tt\u003e"
}
],
"value": "This issue affects label-switched interfaces configured for VPLS. For example:\n\n[routing-instances \u003cname\u003e instance-type vpls]\n[routing-instances \u003cname\u003e protocols vpls]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Incorrect Calculation vulnerability in the Layer 2 Control\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eProtocol \u003c/span\u003e\n\n Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces (LSI) to stop while generating a\u0026nbsp;\u003c/span\u003eflood of logs, resulting in high CPU usage.\u003cbr\u003e\u003cbr\u003eWhen the issue is seen, the following log message will be generated:\u003cbr\u003e\u003cbr\u003e\u003ctt\u003eop:1 flag:0x6 mac:xx:xx:xx:xx:xx:xx bd:2 ifl:13302 reason:0(REASON_NONE) i-op:6(INTRNL_OP_HW_FORCE_DELETE) status:10 lstatus:10 err:26(GETIFBD_VALIDATE_FAILED) err-reason 4(IFBD_VALIDATE_FAIL_EPOCH_MISMATCH) hw_wr:0x4 ctxsync:0 fwdsync:0 rtt-id:51 p_ifl:0 fwd_nh:0 svlbnh:0 event:- smask:0x100000000 dmask:0x0 mplsmask 0x1 act:0x5800 extf:0x0 pfe-id 0 hw-notif-ifl 13302 programmed-ifl 4294967295 pseudo-vtep underlay-ifl-idx 0 stack:GET_MAC, ALLOCATE_MAC, GET_IFL, GET_IFF, GET_IFBD, STOP,\u003c/tt\u003e \u003cp\u003e\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Junos OS Evolved:\u0026nbsp;\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.4R3-S7-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.2 before 22.2R3-S4-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.3 before 22.3R3-S3-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S2-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S1-EVO,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "An Incorrect Calculation vulnerability in the Layer 2 Control\n\nProtocol \n\n Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the management interface to cause the learning of new MACs over label-switched interfaces (LSI) to stop while generating a\u00a0flood of logs, resulting in high CPU usage.\n\nWhen the issue is seen, the following log message will be generated:\n\nop:1 flag:0x6 mac:xx:xx:xx:xx:xx:xx bd:2 ifl:13302 reason:0(REASON_NONE) i-op:6(INTRNL_OP_HW_FORCE_DELETE) status:10 lstatus:10 err:26(GETIFBD_VALIDATE_FAILED) err-reason 4(IFBD_VALIDATE_FAIL_EPOCH_MISMATCH) hw_wr:0x4 ctxsync:0 fwdsync:0 rtt-id:51 p_ifl:0 fwd_nh:0 svlbnh:0 event:- smask:0x100000000 dmask:0x0 mplsmask 0x1 act:0x5800 extf:0x0 pfe-id 0 hw-notif-ifl 13302 programmed-ifl 4294967295 pseudo-vtep underlay-ifl-idx 0 stack:GET_MAC, ALLOCATE_MAC, GET_IFL, GET_IFF, GET_IFBD, STOP, \n\n\nThis issue affects Junos OS Evolved:\u00a0\n\n * all versions before 21.4R3-S7-EVO,\u00a0\n * from 22.2 before 22.2R3-S4-EVO,\u00a0\n * from 22.3 before 22.3R3-S3-EVO,\u00a0\n * from 22.4 before 22.4R3-S2-EVO,\u00a0\n * from 23.2 before 23.2R2-S1-EVO,\u00a0\n * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "AMBER",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Amber",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-682",
"description": "CWE-682 Incorrect Calculation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:23:54.924Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106010"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106010"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-S3-EVO, 22.4R3-S2-EVO, 23.2R2-S1-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.2R1-EVO, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106010",
"defect": [
"1802153"
],
"discovery": "USER"
},
"title": "Junos OS Evolved: Flapping management interface causes MAC learning on label-switched interfaces to stop",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "There are no known workarounds for this issue.\u003cbr\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21911",
"datePublished": "2026-01-15T20:23:54.924Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-15T20:51:32.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-21906 (GCVE-0-2026-21906)
Vulnerability from cvelistv5 – Published: 2026-01-15 20:20 – Updated: 2026-01-16 16:20
VLAI?
EPSS
Title
Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash
Summary
An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart.
When PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below. PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing.
Note that PMI with GRE performance acceleration is only supported on specific SRX platforms.
This issue affects Junos OS on the SRX Series:
* all versions before 21.4R3-S12,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S5,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S1,
* from 25.2 before 25.2R1-S1, 25.2R2.
Severity ?
CWE
- CWE-755 - Improper Handling of Exceptional Conditions
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
0 , < 21.4R3-S12
(semver)
Affected: 22.4 , < 22.4R3-S8 (semver) Affected: 23.2 , < 23.2R2-S5 (semver) Affected: 23.4 , < 23.4R2-S5 (semver) Affected: 24.2 , < 24.2R2-S3 (semver) Affected: 24.4 , < 24.4R2-S1 (semver) Affected: 25.2 , < 25.2R1-S1, 25.2R2 (semver) |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-21906",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-16T16:20:08.090037Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-16T16:20:14.792Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"SRX Series"
],
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "21.4R3-S12",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "22.4R3-S8",
"status": "affected",
"version": "22.4",
"versionType": "semver"
},
{
"lessThan": "23.2R2-S5",
"status": "affected",
"version": "23.2",
"versionType": "semver"
},
{
"lessThan": "23.4R2-S5",
"status": "affected",
"version": "23.4",
"versionType": "semver"
},
{
"lessThan": "24.2R2-S3",
"status": "affected",
"version": "24.2",
"versionType": "semver"
},
{
"lessThan": "24.4R2-S1",
"status": "affected",
"version": "24.4",
"versionType": "semver"
},
{
"lessThan": "25.2R1-S1, 25.2R2",
"status": "affected",
"version": "25.2",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This issue requires GRE performance acceleration to be enabled:\u003cbr\u003e\u003cbr\u003e\n\n\u003ctt\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e[set security flow gre-performance-acceleration]\u003c/span\u003e\u003c/tt\u003e"
}
],
"value": "This issue requires GRE performance acceleration to be enabled:\n\n\n\n[set security flow gre-performance-acceleration]"
}
],
"datePublic": "2026-01-14T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eAn Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart.\u003c/span\u003e\u003cbr\u003e\u003cbr\u003eWhen PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below.\u0026nbsp;PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing.\u003cbr\u003e\u003cbr\u003eNote that PMI with GRE performance acceleration is only supported on specific SRX platforms.\u003cbr\u003e\u003cp\u003eThis issue affects Junos OS on the SRX Series:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eall versions before 21.4R3-S12,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 22.4 before 22.4R3-S8,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.2 before 23.2R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 23.4 before 23.4R2-S5,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.2 before 24.2R2-S3,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 24.4 before 24.4R2-S1,\u0026nbsp;\u003c/li\u003e\u003cli\u003efrom 25.2 before 25.2R1-S1, 25.2R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e"
}
],
"value": "An Improper Handling of Exceptional Conditions vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated network-based attacker sending a specific ICMP packet through a GRE tunnel to cause the PFE to crash and restart.\n\nWhen PowerMode IPsec (PMI) and GRE performance acceleration are enabled and the device receives a specific ICMP packet, a crash occurs in the SRX PFE, resulting in traffic loss. PMI is enabled by default, and GRE performance acceleration can be enabled by running the configuration command shown below.\u00a0PMI is a mode of operation that provides IPsec performance improvements using Vector Packet Processing.\n\nNote that PMI with GRE performance acceleration is only supported on specific SRX platforms.\nThis issue affects Junos OS on the SRX Series:\n\n\n\n * all versions before 21.4R3-S12,\u00a0\n * from 22.4 before 22.4R3-S8,\u00a0\n * from 23.2 before 23.2R2-S5,\u00a0\n * from 23.4 before 23.4R2-S5,\u00a0\n * from 24.2 before 24.2R2-S3,\u00a0\n * from 24.4 before 24.4R2-S1,\u00a0\n * from 25.2 before 25.2R1-S1, 25.2R2."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "AUTOMATIC",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "CONCENTRATED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "MODERATE"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-755",
"description": "CWE-755 Improper Handling of Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-15T20:20:32.530Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA106005"
},
{
"tags": [
"technical-description"
],
"url": "https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/topics/topic-map/security-powermode-ipsec-vpn.html"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://kb.juniper.net/JSA106005"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S3, 24.4R2-S1, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
}
],
"value": "The following software releases have been updated to resolve this specific issue: Junos OS 21.4R3-S12, 22.4R3-S8, 23.2R2-S5, 23.4R2-S5, 24.2R2-S3, 24.4R2-S1, 25.2R1-S1, 25.2R2, 25.4R1, and all subsequent releases."
}
],
"source": {
"advisory": "JSA106005",
"defect": [
"1868005"
],
"discovery": "INTERNAL"
},
"title": "Junos OS: SRX Series: With GRE performance acceleration enabled, receipt of a specific ICMP packet causes the PFE to crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDisable GRE performance acceleration via \u0027\u003ctt\u003edeactivate security flow gre-performance-acceleration\u003c/tt\u003e\u0027\u003cbr\u003eor\u003c/li\u003e\u003cli\u003eDisable PMI:via \u0027\u003ctt\u003eset security flow power-mode-disable\u003c/tt\u003e\u0027\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Disable GRE performance acceleration via \u0027deactivate security flow gre-performance-acceleration\u0027\nor\n * Disable PMI:via \u0027set security flow power-mode-disable\u0027"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2026-21906",
"datePublished": "2026-01-15T20:20:32.530Z",
"dateReserved": "2026-01-05T17:32:48.710Z",
"dateUpdated": "2026-01-16T16:20:14.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…