DNS
CVE-2026-21920
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.
This issue affects Junos OS on SRX Series:
- 23.4 versions before 23.4R2-S5,
- 24.2 versions before 24.2R2-S1,
- 24.4 versions before 24.4R2.
This issue does not affect Junos OS versions before 23.4R1.
AnalysisAI
Denial-of-service attacks against Juniper SRX Series devices running Junos OS 23.4 through 24.4 can be triggered remotely by sending a maliciously crafted DNS request, causing the flowd process to crash and interrupt service until recovery completes. The vulnerability stems from an unchecked return value in the DNS module that allows unauthenticated, network-based attackers to exploit DNS-enabled SRX configurations without any user interaction. No patch is currently available for affected versions.
Technical ContextAI
Classified as CWE-252 (Unchecked Return Value). Affects the DNS component of Junos. An Unchecked Return Value vulnerability in the DNS module of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS).
If an SRX Series device configured for DNS processing, receives a specifically formatted DNS request flowd will crash and restart, which causes a service interruption until the process has recovered.
This issue affects Junos OS on SRX Series:
- 23.4 versions before 23.4R2-S5,
- 24.2 versions before
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Sandbox escape in Kata Containers allowing guest VM to access host resources. CVSS 10.0 — undermines the core security g
Buffer overflow in Ayukov NFTP client 1.71 in SYST command handling allows remote FTP servers to execute arbitrary code
Buffer overflow in Prime95 29.8 build 6 user ID field allows code execution. PoC available.
Stack overflow in Domain Quester Pro 6.02 via SEH overwrite. PoC available.
Cyberoam Authentication Client 2.1.2.7 has a buffer overflow allowing remote attackers to execute code through the netwo
Kingdia CD Extractor 3.0.2 has a buffer overflow in the registration name field. PoC available.
Ether MP3 CD Burner 1.3.8 has buffer overflow in registration enabling bind shell on port 3110 via SEH overwrite. PoC av
Buffer overflow in WMV to AVI MPEG DVD Convertor 4.6.1217 allows code execution via crafted media files. PoC available.
Stack-based buffer overflow in Nsauditor Network Auditing Tool 3.0.28 and 3.2.1.0 in the DNS Lookup tool allows attacker
Buffer overflow in Zephyr RTOS dns_unpack_name() function causing OOB writes. PoC available.
Stack-based buffer overflow in Tenda RX3 firmware 16.03.13.11 allows authenticated remote attackers to achieve full syst
Remote code execution in Tenda F453 1.0.0.3 DNS firmware via a buffer overflow in the /goform/SetIpBind endpoint allows
Same weakness CWE-252 – Unchecked Return Value
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today