CVE-2024-39536 — Missing Release of Memory after Effective Lifetime in Juniper Networks Junos OS
Severity
6.0 MEDIUM (NVD)
EPSS
0.2%
top 63.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jul 11
Description
A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
When a BFD session configured with authentication flaps, ppmd memory can leak. Whether the leak happens depends on a race condition which is outside the attacker's control. This issue only affects BFD operating in distributed aka delegated (which is the…
CVSS vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Affected Packages: 4 packages
Vulnerability Details (2)
GHSA
GHSA-vpjj-mfgj-j3mj: A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Ju (2024-07-11)
CVEList
Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak (2024-07-11)
Vendor Advisories (1)
Juniper
CVE-2024-39536: A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Ju (2024-07-11)