CVE
PUBLISHED

CVE-2024-39557

Junos OS Evolved: MAC table changes cause a memory leak

Assigner: juniper
Reserved: 2024-06-25
Published: 2024-07-10
Updated: 2024-07-12

Description

An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).

Certain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart.

To identify the issue, execute the CLI command:

    user@device> show platform application-info allocations app l2ald-agent
    EVL Object Allocation Statistics:

    Node   Application   Context Name                          Live      Allocs    Fails   Guids
    re0    l2ald-agent   net::juniper::rtnh::L2Rtinfo          1069096   1069302   0       1069302
    re0    l2ald-agent   net::juniper::rtnh::NHOpaqueTlv       114       195       0       195

This issue affects Junos OS Evolved:

* All versions before 21.4R3-S8-EVO,
* from 22.2-EVO before 22.2R3-S4-EVO,
* from 22.3-EVO before 22.3R3-S3-EVO,
* from 22.4-EVO before 22.4R3-EVO,
* from 23.2-EVO before 23.2R2-EVO.
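One way to turn the allocation statistics from the description into a check, as an added example that is not part of the CVE record or Juniper's advisory: it parses two snapshots of the command output and flags contexts whose live object count keeps nearly every new allocation. The second snapshot is constructed, and the function names and both thresholds are assumptions, not vendor guidance.

```python
import re

# First snapshot: figures from the description. Second: constructed for this example.
SNAP_T0 = """\
EVL Object Allocation Statistics:
Node   Application   Context Name                      Live     Allocs   Fails  Guids
re0    l2ald-agent   net::juniper::rtnh::L2Rtinfo      1069096  1069302  0      1069302
re0    l2ald-agent   net::juniper::rtnh::NHOpaqueTlv   114      195      0      195
"""
SNAP_T1 = """\
EVL Object Allocation Statistics:
Node   Application   Context Name                      Live     Allocs   Fails  Guids
re0    l2ald-agent   net::juniper::rtnh::L2Rtinfo      1312540  1312811  0      1312811
re0    l2ald-agent   net::juniper::rtnh::NHOpaqueTlv   120      240      0      240
"""

# node, application, context name, then the Live / Allocs / Fails / Guids counters
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def parse_allocations(text):
    """Map (node, application, context) to its counters; non-data lines are skipped."""
    stats = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            node, app, ctx, live, allocs, fails, _guids = m.groups()
            stats[(node, app, ctx)] = {
                "live": int(live), "allocs": int(allocs), "fails": int(fails)}
    return stats

def leak_suspects(before, after, min_live=100_000, min_retained=0.9):
    """Contexts that are large and kept at least min_retained of new allocations.

    min_live and min_retained are assumed thresholds; tune them per platform.
    """
    suspects = []
    for key, new in after.items():
        old = before.get(key)
        if old is None or new["live"] < min_live:
            continue
        d_live = new["live"] - old["live"]
        d_allocs = new["allocs"] - old["allocs"]
        if d_allocs > 0 and d_live / d_allocs >= min_retained:
            suspects.append((key[2], d_live, d_live / d_allocs))
    return suspects

if __name__ == "__main__":
    for ctx, grown, kept in leak_suspects(parse_allocations(SNAP_T0), parse_allocations(SNAP_T1)):
        print(f"{ctx}: +{grown} live objects, {kept:.1%} of new allocations retained")
```

Collecting the snapshots at a fixed interval lets the live-object growth per interval be tracked as a trend.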



MEDIUM: 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
HIGH: 7.1 CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Default status
unaffected

Any version before 21.4R3-S8-EVO
affected

22.2-EVO before 22.2R3-S4-EVO
affected

22.3-EVO before 22.3R3-S3-EVO
affected

22.4-EVO before 22.4R3-EVO
affected

23.2-EVO before 23.2R2-EVO
affected

References

https://supportportal.juniper.net/JSA83017 vendor-advisory

cve.org CVE-2024-39557

nvd.nist.gov CVE-2024-39557
