Junos OS: Processing of a specific BGP update causes the SRRD process to crash
An Improper Encoding or Escaping of Output vulnerability in the Sampling Route Record Daemon (SRRD) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
When a device configured for flow-monitoring receives a specific BGP update message, it is correctly processed internally by the routing protocol daemon (rpd), but when it's sent to SRRD it's encoded incorrectly which leads to a crash and momentary interruption of jflow processing until it automatically restarts. This issue does not affect traffic forwarding itself.
This issue affects Junos OS:
* All versions before 21.2R3-S9,
* 21.4 versions before 21.4R3-S10,
* 22.2 versions before 22.2R3-S6,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R1-S2, 23.2R2.
This issue does not affected Junos OS Evolved.
Problem Types
| Type | CWE ID | Description |
|---|
| CWE | CWE-116 | CWE-116 Improper Encoding or Escaping of Output |
Type: CWE
Description: CWE-116 Improper Encoding or Escaping of Output
Metrics
| Version | Base score | Base severity | Vector |
|---|
| 3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
| 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M |
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/AU:Y/R:A/RE:M
Timeline
| Event | Date |
|---|
| Initial Publication | 2025-04-09 16:00:00 |
Event: Initial Publication
Date: 2025-04-09 16:00:00