CVE-2023-28982: Missing Release of Memory after Effective Lifetime in Juniper Networks Junos OS

Severity: 7.5 HIGH (NVD)
EPSS: 0.3% (top 42.94%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 17, latest update Apr 18

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a BGP rib sharding scenario, when an attribute of an active BGP route is updated, memory is leaked. As rpd memory usage increases over time, the rpd process will eventually run out of memory, crash, and restart. The memory utilization can be monitored with the foll
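The failure mode described above is a monotonic growth of rpd's resident memory followed by a crash-and-restart. The following is an added example, not code from the cvebase page or from Juniper, that turns periodic polls of rpd memory into a verdict: parse the resident size out of a top-style process row, fit a least-squares growth rate, flag a leak, estimate hours until a memory limit is reached, and recognise the sharp drop that a crash-and-restart produces. The row layout (resident size in the sixth column, suffixed K/M/G, process name last), the sample polls, and the thresholds `limit_mb` and `min_slope` are assumptions chosen for illustration, not values from the advisory.

```python
"""Added example: trend detection for an rpd memory leak of the kind
CVE-2023-28982 describes. Not Juniper code; formats and thresholds are assumed."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed top-style process row (as printed by a FreeBSD-style process listing):
#   PID USER PRI NICE SIZE RES STATE C TIME WCPU COMMAND
_ROW = re.compile(
    r"^\s*\d+\s+\S+\s+\S+\s+\S+\s+\S+\s+(\d+(?:\.\d+)?)([KMG])\s+.*\brpd\s*$"
)
_UNIT_MB = {"K": 1 / 1024, "M": 1.0, "G": 1024.0}

# Constructed polls: (hours since first poll, rpd resident size in MB).
LEAKING_SAMPLES = [(0, 1200), (6, 1260), (12, 1318), (18, 1381),
                   (24, 1440), (30, 1499), (36, 1562), (42, 1620)]
HEALTHY_SAMPLES = [(0, 1200), (6, 1210), (12, 1195), (18, 1205),
                   (24, 1198), (30, 1212), (36, 1201), (42, 1207)]
# Growth, then the drop that an rpd crash-and-restart looks like from outside.
RESTART_SAMPLES = [(0, 3000), (6, 3400), (12, 3800), (18, 4200), (24, 800), (30, 1200)]


def parse_rpd_res_mb(row: str) -> Optional[float]:
    """Resident memory of rpd in MB from one process row, or None for other processes."""
    m = _ROW.match(row)
    if not m:
        return None
    return float(m.group(1)) * _UNIT_MB[m.group(2)]


def slope_mb_per_hour(samples: List[Tuple[float, float]]) -> float:
    """Ordinary least-squares slope of resident memory (MB) against time (hours)."""
    n = len(samples)
    if n < 2:
        return 0.0
    mean_t = sum(t for t, _ in samples) / n
    mean_m = sum(m for _, m in samples) / n
    num = sum((t - mean_t) * (m - mean_m) for t, m in samples)
    den = sum((t - mean_t) ** 2 for t, _ in samples)
    return num / den if den else 0.0


def restart_indices(samples: List[Tuple[float, float]], drop_fraction: float = 0.5) -> List[int]:
    """Poll indices where RSS fell by more than drop_fraction since the previous poll."""
    return [i for i in range(1, len(samples))
            if samples[i][1] < samples[i - 1][1] * (1 - drop_fraction)]


@dataclass
class Verdict:
    status: str                    # "healthy", "leaking" or "crash_restart"
    slope_mb_per_hour: float
    restarts: List[int]
    hours_to_limit: Optional[float]


def assess(samples: List[Tuple[float, float]], limit_mb: float,
           min_slope: float = 5.0) -> Verdict:
    """Classify a series of rpd RSS polls. limit_mb is the memory ceiling at which
    rpd is expected to die; min_slope (MB/h) separates noise from a real leak."""
    restarts = restart_indices(samples)
    if restarts:
        # The crash already happened; only trend the segment since the last restart.
        segment = samples[restarts[-1]:]
        return Verdict("crash_restart", slope_mb_per_hour(segment), restarts, None)
    slope = slope_mb_per_hour(samples)
    if slope < min_slope:
        return Verdict("healthy", slope, [], None)
    hours_left = max(0.0, (limit_mb - samples[-1][1]) / slope)
    return Verdict("leaking", slope, [], hours_left)


if __name__ == "__main__":
    # Constructed row in the assumed layout; yields 1200.0 MB for rpd.
    print(parse_rpd_res_mb("1234 root 20 0 1820M 1200M select 0 12:34 0.50% rpd"))
    for name, series in (("leaking", LEAKING_SAMPLES), ("healthy", HEALTHY_SAMPLES),
                         ("restart", RESTART_SAMPLES)):
        print(name, assess(series, limit_mb=4096))
```

Polling the same row every few hours and feeding the (hours, MB) pairs to `assess` gives an early warning well before the out-of-memory crash; a `crash_restart` verdict on a box with rib sharding configured is worth correlating with the BGP update rate, since the advisory ties the leak to attribute updates of active routes.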

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5: juniper_networks/junos_os_evolved 20.3R1-EVO, 20.3-EVO* (+3)
CVEListV5: juniper_networks/junos_os 20.3, 20.3R3-S2 (+4)
NVD: juniper/junos_os_evolved, 4 versions (+3)
NVD: juniper/junos, 5 versions (+4)

Vulnerability Details (2)

GHSA: GHSA-jq9m-h332-223f: A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved al (2023-04-18)
CVEList: Junos OS and Junos OS Evolved: In a BGP rib sharding scenario when a route is frequently updated an rpd memory leak will occur (2023-04-17)

Vendor Advisories (1)

Juniper: CVE-2023-28982: A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon of Juniper Networks Junos OS and Junos OS Evolved al (2023-04-17)
CVE-2023-28982 — Networks Junos OS vulnerability | cvebase