CVE-2025-30644

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.4R3-S9 Junos OS versions from 22.2 before 22.2R3-S5 Junos OS versions from 22.4 before 22.4R3-S5 Junos OS versions from 23.2 before 23.2R2-S3 Junos OS versions from 23.4 before 23.4R2-S3 Junos OS versions from 24.2 before 24.2R2

Description: A Heap-based Buffer Overflow vulnerability in the flexible PIC concentrator (FPC) of Juniper Networks Junos OS allows an attacker to send a specific DHCP packet to the device, leading to an FPC crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. Under a rare timing scenario outside the attacker's control, memory corruption may be observed when DHCP Option 82 is enabled, leading to an FPC crash and affecting packet forwarding. Due to the nature of the heap-based overflow, exploitation of this vulnerability could also lead to remote code execution within the FPC, resulting in complete control of the vulnerable component.

Recommendations: For versions prior to 21.4R3-S9, update to version 21.4R3-S9 or later. For versions from 22.2 before 22.2R3-S5, update to version 22.2R3-S5 or later. For versions from 22.4 before 22.4R3-S5, update to version 22.4R3-S5 or later. For versions from 23.2 before 23.2R2-S3, update to version 23.2R2-S3 or later. For versions from 23.4 before 23.4R2-S3, update to version 23.4R2-S3 or later. For versions from 24.2 before 24.2R2, update to version 24.2R2 or later.