CVE-2026-21909

Summary

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           25   1072     28   1184     229

user@junos>

show task memory detail | match ted-infra   TED-INFRA-COOKIE           31   1360     34   1472     307

This issue affects:

Junos OS: 

  • from 23.2 before 23.2R2, 
  • from 23.4 before 23.4R1-S2, 23.4R2, 
  • from 24.1 before 24.1R2; 

Junos OS Evolved: 

  • from 23.2 before 23.2R2-EVO, 
  • from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO, 
  • from 24.1 before 24.1R2-EVO.

This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS23.2 < 23.2R2affected
Juniper NetworksJunos OS23.4 < 23.4R1-S2, 23.4R2affected
Juniper NetworksJunos OS24.1 < 24.1R2affected
Juniper NetworksJunos OS0 < 23.2R1unaffected
Juniper NetworksJunos OS Evolved23.2 < 23.2R2-EVOaffected
Juniper NetworksJunos OS Evolved23.4 < 23.4R1-S2-EVO, 23.4R2-EVOaffected
Juniper NetworksJunos OS Evolved24.1 < 24.1R2-EVOaffected
Juniper NetworksJunos OS Evolved0 < 23.2R1-EVOunaffected

Weaknesses

  • CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References