CVE-2024-39564

Summary

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.

A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).

This issue affects:

Junos OS:  * from 22.4 before 22.4R3-S4.

Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS22.4 < 22.4R3-S4affected
Juniper NetworksJunos OS Evolved22.4 < 22.4R3-S3-EVOaffected

Weaknesses

  • CWE-415: CWE-415: Double Free

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References