CVE-2026-33782

Summary

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS).

In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.

The memory usage of jdhcpd can be monitored with:

user@host> show system processes extensive | match jdhcpd

This issue affects Junos OS:

  • all versions before 22.4R3-S1,
  • 23.2 versions before 23.2R2,
  • 23.4 versions before 23.4R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS0 < 22.4R3-S1affected
Juniper NetworksJunos OS23.2 < 23.2R2affected
Juniper NetworksJunos OS23.4 < 23.4R2affected

Weaknesses

  • CWE-401: CWE-401 Missing Release of Memory after Effective Lifetime

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References