A Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the SIP application layer gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series with MX-SPC3 or MS-MPC allows an unauthenticated network-based attacker sending specific SIP messages over TCP to crash the flow management process, leading to a Denial of Service (DoS).
On SRX Series, and MX Series with MX-SPC3 or MS-MPC service cards, receipt of multiple SIP messages causes the SIP headers to be parsed incorrectly, eventually causing a continuous loop and leading to a watchdog timer expiration, crashing the flowd process on SRX Series and MX Series with MX-SPC3, or mspmand process on MX Series with MS-MPC.
This issue only occurs over TCP. SIP messages sent over UDP cannot trigger this issue.
This issue affects Junos OS on SRX Series and MX Series with MX-SPC3 and MS-MPC:
* all versions before 21.2R3-S10,
* from 21.4 before 21.4R3-S12,
* from 22.4 before 22.4R3-S8,
* from 23.2 before 23.2R2-S5,
* from 23.4 before 23.4R2-S6,
* from 24.2 before 24.2R2-S3,
* from 24.4 before 24.4R2-S1,
* from 25.2 before 25.2R1-S1, 25.2R2.
References
| Link | Resource |
|---|---|
| https://kb.juniper.net/JSA106004 | Vendor Advisory |
| https://supportportal.juniper.net/JSA106004 | Vendor Advisory |
Configurations
Configuration 1 (hide)
| AND |
|
History
No history.
Information
Published : 2026-01-15 21:16
Updated : 2026-01-23 19:40
NVD link : CVE-2026-21905
Mitre link : CVE-2026-21905
CVE.ORG link : CVE-2026-21905
JSON object : View
Products Affected
juniper
- srx4120
- mx2020
- srx340
- mx480
- srx5600
- srx4700
- srx345
- srx380
- srx5400
- srx2300
- mx960
- srx4600
- junos
- srx320
- mx10008
- mx10004
- srx1500
- srx4300
- srx4200
- srx5800
- mx240
- srx4100
- srx300
- mx2010
- mx304
- mx2008
- mx204
- srx1600
CWE
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')