CVE-2026-33780

Summary

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).

In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.

Use the following command to monitor the memory consumption by l2ald:

user@device> show system process extensive | match "PID|l2ald"

This issue affects:

Junos OS:

  • all versions before 22.4R3-S5,
  • 23.2 versions before 23.2R2-S3,
  • 23.4 versions before 23.4R2-S4,
  • 24.2 versions before 24.2R2;

Junos OS Evolved:

  • all versions before 22.4R3-S5-EVO,
  • 23.2 versions before 23.2R2-S3-EVO,
  • 23.4 versions before 23.4R2-S4-EVO,
  • 24.2 versions before 24.2R2-EVO.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 22.4R3-S5affected
Juniper NetworksJunos OS23.2 < 23.2R2-S3affected
Juniper NetworksJunos OS23.4 < 23.4R2-S4affected
Juniper NetworksJunos OS24.2 < 24.2R2affected
Juniper NetworksJunos OS Evolvedall version prior to < 22.4R3-S5-EVOaffected
Juniper NetworksJunos OS Evolved23.2 < 23.2R2-S3-EVOaffected
Juniper NetworksJunos OS Evolved23.4 < 23.4R2-S4-EVOaffected
Juniper NetworksJunos OS Evolved24.2 < 24.2R2-EVOaffected

Weaknesses

  • CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References