CVE-2024-21613
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS).
On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart.
The memory usage can be monitored using the below command.
user@host> show task memory detail | match patroot This issue affects:
Juniper Networks Junos OS
- All versions earlier than 21.2R3-S3;
- 21.3 versions earlier than 21.3R3-S5;
- 21.4 versions earlier than 21.4R3-S3;
- 22.1 versions earlier than 22.1R3;
- 22.2 versions earlier than 22.2R3.
Juniper Networks Junos OS Evolved
- All versions earlier than 21.3R3-S5-EVO;
- 21.4 versions earlier than 21.4R3-EVO;
- 22.1 versions earlier than 22.1R3-EVO;
- 22.2 versions earlier than 22.2R3-EVO.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | 0 < 21.2R3-S3 | affected |
| Juniper Networks | Junos OS | 21.3 < 21.3R3-S5 | affected |
| Juniper Networks | Junos OS | 21.4 < 21.4R3-S3 | affected |
| Juniper Networks | Junos OS | 22.1 < 22.1R3 | affected |
| Juniper Networks | Junos OS | 22.2 < 22.2R3 | affected |
| Juniper Networks | Junos OS Evolved | 0 < 21.3R3-S5-EVO | affected |
| Juniper Networks | Junos OS Evolved | 21.4 < 21.4R3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.1 < 22.1R3-EVO | affected |
| Juniper Networks | Junos OS Evolved | 22.2 < 22.2R3-EVO | affected |
Weaknesses
- CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime
- Denial of Service (DoS)
Workarounds
There are no known workarounds for this issue.
ADP Enrichment
CVE Program Container
Additional References
- https://supportportal.juniper.net/JSA75754
- https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://supportportal.juniper.net/JSA75754
- https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.