THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE
PUBLISHED

CVE-2024-39549

Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to a memory leak

Assignerjuniper
Reserved2024-06-25
Published2024-07-11
Updated2024-07-16

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS). Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd). Memory utilization could be monitored by:  user@host> show system memory or show system monitor memory status This issue affects: Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S8, * from 22.2 before 22.2R3-S4,  * from 22.3 before 22.3R3-S3,  * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S1,  * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO. Junos OS Evolved: * All versions before 21.2R3-S8-EVO, * from 21.4 before 21.4R3-S8-EVO, * from 22.2 before 22.2R3-S4-EVO, * from 22.3 before 22.3R3-S3-EVO, * from 22.4 before 22.4R3-S3-EVO, * from 23.2 before 23.2R2-S1-EVO, * from 23.4 before 23.4R1-S2, 23.4R2, * from 24.2 before 24.2R2-EVO.



HIGH: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
HIGH: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:U

Problem types

CWE-401: Missing Release of Memory after Effective Lifetime

Product status

Default status
unaffected

Any version before 21.2R3-S8
affected

21.4 before 21.4R3-S8
affected

22.2 before 22.2R3-S4
affected

22.3 before 22.3R3-S3
affected

22.4 before 22.4R3-S3
affected

23.2 before 23.2R2-S1
affected

23.4 before 23.4R1-S2, 23.4R2
affected

24.2 before 24.2R2
affected

Default status
unaffected

Any version before 21.2R3-S8-EVO
affected

21.4 before 21.4R3-S8-EVO
affected

22.2 before 22.2R3-S4-EVO
affected

22.3 before 22.3R3-S3-EVO
affected

22.4 before 22.4R3-S3-EVO
affected

23.2 before 23.2R2-S1-EVO
affected

23.4 before 23.4R1-S2-EVO, 23.4R2-EVO
affected

24.2 before 24.2R2-EVO
affected

References

https://supportportal.juniper.net/JSA83011 vendor-advisory

cve.org CVE-2024-39549

nvd.nist.gov CVE-2024-39549

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-39549
© Copyright 2024 THREATINT. Made in Cyprus with +