CVE-2024-21613 — Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-401 — Missing Release of Memory after Effective Lifetime4 documents4 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 85.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedJan 12

Description

A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can …

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved21.4 — 21.4R3-EVO+3

▶CVEListV5juniper_networks/junos_os21.3 — 21.3R3-S5+4

▶NVDjuniper/junos_os_evolved4 versions+3

▶NVDjuniper/junos5 versions+4

🔴Vulnerability Details

CVEList

Junos OS and Junos OS Evolved: A link flap causes patroot memory leak which leads to rpd crash↗2024-01-12

▶

GHSA

GHSA-54jf-p4cr-5xj6: A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved↗2024-01-12

▶

📋Vendor Advisories

Juniper

CVE-2024-21613: A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved↗2024-01-12

▶