CVE-2025-30656

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 21.2R3-S9 Junos OS versions 21.4 prior to 21.4R3-S10 Junos OS versions 22.2 prior to 22.2R3-S6 Junos OS versions 22.4 prior to 22.4R3-S5 Junos OS versions 23.2 prior to 23.2R2-S3 Junos OS versions 23.4 prior to 23.4R2-S3 Junos OS versions 24.2 prior to 24.2R1-S2, 24.2R2

Description: An Improper Handling of Additional Special Element vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). If the SIP ALG processes specifically formatted SIP invites, a memory corruption will occur, leading to a crash of the FPC processing these packets. Although the system will automatically recover with the restart of the FPC, subsequent SIP invites will cause the crash again and lead to a sustained DoS.

Recommendations: For Junos OS versions prior to 21.2R3-S9, update to version 21.2R3-S9 or later. For Junos OS versions 21.4 prior to 21.4R3-S10, update to version 21.4R3-S10 or later. For Junos OS versions 22.2 prior to 22.2R3-S6, update to version 22.2R3-S6 or later. For Junos OS versions 22.4 prior to 22.4R3-S5, update to version 22.4R3-S5 or later. For Junos OS versions 23.2 prior to 23.2R2-S3, update to version 23.2R2-S3 or later. For Junos OS versions 23.4 prior to 23.4R2-S3, update to version 23.4R2-S3 or later. For Junos OS versions 24.2 prior to 24.2R1-S2, 24.2R2, update to a version later than 24.2R2.