CVE-2021-0293Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.0%
top 85.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 15
Latest updateMay 24

Description

A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI command 'show system connections extensive' is executed. The amount of memory leaked on each execution depends on the number of TCP connections from and to the system. Repeated execution will cause more memory to leak and eventually daemons that need to allocate additionally memory and ultimately the kernel to crash, which will result in traffic loss.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os18.318.3R3-S4+9
NVDjuniper/junos10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-g6v6-h69j-75qp: A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI com2022-05-24
CVEList
Junos OS: Out-of-memory condition and crashes can occur after executing a certain CLI command repeatedly2021-07-15

📋Vendor Advisories

1
Juniper
CVE-2021-0293: A vulnerability in Juniper Networks Junos OS caused by Missing Release of Memory after Effective Lifetime leads to a memory leak each time the CLI com2021-07-15
CVE-2021-0293 — Juniper Networks Junos OS vulnerability | cvebase