CVE-2024-39539: A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to…

medium6CVSS 4.0

AVAACLATPPRNUINVCNVINVAHSCNSINSALEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX

A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).

In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.

This issue affects Junos OS on MX Series:


* All version before 21.2R3-S6,
* 21.4 versions before 21.4R3-S6,
* 22.1 versions before 22.1R3-S5,
* 22.2 versions before 22.2R3-S3,
* 22.3 versions before 22.3R3-S2,
* 22.4 versions before 22.4R3,
* 23.2 versions before 23.2R2.

Affected

17 ranges

Vendor	Product	Version range	Fixed in
juniper	junos	< 21.2	21.2
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos_os	—	—
juniper	mx_series	—	—
juniper_networks	junos_os	< 21.2R3-S6	21.2R3-S6
juniper_networks	junos_os	>= 21.4 < 21.4R3-S6	21.4R3-S6
juniper_networks	junos_os	>= 22.1 < 22.1R3-S5	22.1R3-S5
juniper_networks	junos_os	>= 22.2 < 22.2R3-S3	22.2R3-S3
juniper_networks	junos_os	>= 22.3 < 22.3R3-S2	22.3R3-S2
juniper_networks	junos_os	>= 22.4 < 22.4R3	22.4R3
juniper_networks	junos_os	>= 23.2 < 23.2R2	23.2R2