CVE-2024-39539Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.1%
top 64.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJul 11

Description

A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS). In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart. This issue affects Junos OS on MX Series: * All version before 21.2R3-S6, * 21.4 versions before 21.4R3-S6, * 22.1 versions before 22.1R3-S5, * 22.2 versions before 2

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

Affected Packages2 packages

CVEListV5juniper_networks/junos_os21.421.4R3-S6+6
NVDjuniper/junos< 21.2+7

🔴Vulnerability Details

2
GHSA
GHSA-5gvg-fggq-r6f6: A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attack2024-07-11
CVEList
Junos OS: MX Series: Continuous subscriber logins will lead to a memory leak and eventually an FPC crash2024-07-11

📋Vendor Advisories

1
Juniper
CVE-2024-39539: A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attack2024-07-11
CVE-2024-39539 — Networks Junos OS vulnerability | cvebase