Ce mail provient de l'extérieur, restons vigilants ===================================================================== CERT-Renater Note d'Information No. 2025/VULN225 _____________________________________________________________________ DATE : 10/04/2025 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Junos OS versions prior to 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3, 23.4R2, 24.2R1. ===================================================================== https://supportportal.juniper.net/s/article/2025-04-Security-Bulletin-Junos-OS-SRX-Series-Transmission-of-specific-control-traffic-sent-out-of-a-DS-Lite-tunnel-results-in-flowd-crash-CVE-2025-30645?language=en_US _____________________________________________________________________ 2025-04 Security Bulletin: Junos OS: SRX Series: Transmission of specific control traffic sent out of a DS-Lite tunnel results in flowd crash (CVE-2025-30645) Article ID JSA96455 Created 2025-04-09 Last Updated 2025-04-09 Product Affected This issue affects all versions of Junos OS. Affected platforms: SRX Series. Severity High Severity Assessment (CVSS) Score CVSS: v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) CVSS: v4.0: 8.7 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/AU:Y/R:A/V:C/RE:M/U:Green) Problem A NULL Pointer Dereference vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker causing specific, valid control traffic to be sent out of a Dual-Stack (DS) Lite tunnel to crash the flowd process, resulting in a Denial of Service (DoS). Continuous triggering of specific control traffic will create a sustained Denial of Service (DoS) condition. On all SRX platforms, when specific, valid control traffic needs to be sent out of a DS-Lite tunnel, a segmentation fault occurs within the flowd process, resulting in a network outage until the flowd process restarts. This issue affects Junos OS on SRX Series: All versions before 21.2R3-S9, from 21.4 before 21.4R3-S9, from 22.2 before 22.2R3-S5, from 22.4 before 22.4R3-S6, from 23.2 before 23.2R2-S3, from 23.4 before 23.4R2. Exploitation of this issue requires DS-Lite tunneling to be configured: [ services softwire softwire-concentrator ds-lite ...] Juniper SIRT is not aware of any malicious exploitation of this vulnerability. This issue was found during internal product security testing or research. Solution The following software releases have been updated to resolve this specific issue: Junos OS 21.2R3-S9, 21.4R3-S9, 22.2R3-S5, 22.4R3-S6, 23.2R2-S3, 23.4R2, 24.2R1, and all subsequent releases. This issue is being tracked as 1779792 which is visible on the Customer Support website. Note: Juniper SIRT's policy is not to evaluate releases which are beyond End of Engineering (EOE) or End of Life (EOL). Workaround There are no known workarounds for this issue. Severity Assessment Information for how Juniper Networks uses CVSS can be found at KB 16446 "Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories." Modification History 2025-04-09: Initial Publication Related Information KB16613: Overview of the Juniper Networks SIRT Quarterly Security Bulletin Publication Process KB16765: In which releases are vulnerabilities fixed? KB16446: Common Vulnerability Scoring System (CVSS) and Juniper's Security Advisories Report a Security Vulnerability - How to Contact the Juniper Networks Security Incident Response Team ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================