THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-39518

Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface

Assignerjuniper
Reserved2024-06-25
Published2024-07-10
Updated2024-07-12

Description

A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.  This issue is only seen when telemetry subscription is active. The Heap memory utilization can be monitored using the following command:   > show system processes extensive The following command can be used to monitor the memory utilization of the specific sensor   > show system info | match sensord PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32 This issue affects Junos OS:  * from 21.2R3-S5 before 21.2R3-S7,  * from 21.4R3-S4 before 21.4R3-S6,  * from 22.2R3 before 22.2R3-S4,  * from 22.3R2 before 22.3R3-S2,  * from 22.4R1 before 22.4R3,  * from 23.2R1 before 23.2R2.



HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Problem types

CWE-122 Heap-based Buffer Overflow

Product status

Default status
unaffected

21.2R3-S5 before 21.2R3-S7
affected

21.4R3-S4 before 21.4R3-S6
affected

22.2R3 before 22.2R3-S4
affected

22.3R2 before 22.3R3-S2
affected

22.4R1 before 22.4R3
affected

23.2R1 before 23.2R2
affected

References

https://supportportal.juniper.net/JSA82982 vendor-advisory

cve.org CVE-2024-39518

nvd.nist.gov CVE-2024-39518

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-39518
© Copyright 2024 THREATINT. Made in Cyprus with +