CVE-2026-33775

Summary

A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).

If the authentication packet-type option is configured and a received packet does not match that packet type, the memory leak occurs. When all memory

available to bbe-smgd has been consumed, no new subscribers will be able to login.

The memory utilization of bbe-smgd can be monitored with the following show command:

user@host> show system processes extensive | match bbe-smgd

The below log message can be observed when this limit has been reached:

bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion

This issue affects Junos OS on MX Series:

  • all versions before 22.4R3-S8,
  • 23.2 versions before 23.2R2-S5,
  • 23.4 versions before 23.4R2-S6,
  • 24.2 versions before 24.2R2-S2,
  • 24.4 versions before 24.4R2,
  • 25.2 versions before 25.2R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 22.4R3-S8affected
Juniper NetworksJunos OS23.2 < 23.2R2-S5affected
Juniper NetworksJunos OS23.4 < 23.4R2-S6affected
Juniper NetworksJunos OS24.2 < 24.2R2-S2affected
Juniper NetworksJunos OS24.4 < 24.4R2affected
Juniper NetworksJunos OS25.2 < 25.2R2affected

Weaknesses

  • CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References