PT-2024-28527 · Juniper Networks · Junos

Published: 2024-07-10 · Updated: 2024-07-11 · CVE-2024-39550

CVSS v4.0: 7.1 (High)

Vector: AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X

Name of the Vulnerable Software and Affected Versions

Junos OS on MX Series with SPC3 line card versions 21.2R3 through 21.2R3-S7
Junos OS on MX Series with SPC3 line card versions 21.4R2 through 21.4R3-S5
Junos OS on MX Series with SPC3 line card versions 22.1 through 22.1R3-S4
Junos OS on MX Series with SPC3 line card versions 22.2 through 22.2R3-S2
Junos OS on MX Series with SPC3 line card versions 22.3 through 22.3R3-S1
Junos OS on MX Series with SPC3 line card versions 22.4 through 22.4R3
Junos OS on MX Series with SPC3 line card versions 23.2 through 23.2R1
Junos OS on MX Series with SPC3 line card versions 23.4 through 23.4R1

Description

A Missing Release of Memory after Effective Lifetime issue in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events, causing a slow memory leak, ultimately leading to a Denial of Service (DoS). The memory usage can be monitored using the command "show system processes extensive | match rtlog".

Recommendations

For versions 21.2R3 through 21.2R3-S7, update to version 21.2R3-S8 or later.
For versions 21.4R2 through 21.4R3-S5, update to version 21.4R3-S6 or later.
For versions 22.1 through 22.1R3-S4, update to version 22.1R3-S5 or later.
For versions 22.2 through 22.2R3-S2, update to version 22.2R3-S3 or later.
For versions 22.3 through 22.3R3-S1, update to version 22.3R3-S2 or later.
For versions 22.4 through 22.4R3, update to version 22.4R3-S1 or later.
For versions 23.2 through 23.2R1, update to version 23.2R2 or later.
For versions 23.4 through 23.4R1, update to version 23.4R2 or later.

As a temporary workaround, consider manually restarting the rtlogd process to recover memory.
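
One way to turn the monitoring command from the description into a slow-leak check, as an added example that is not part of the original advisory or Juniper's tooling. It assumes the matched rtlogd line is top-style (second K/M/G-suffixed field is RES) and that samples are collected at a fixed interval; the sample lines are constructed and the thresholds `min_slope` and `min_rising` are hypothetical.

```python
import re

# Assumption: the matched line is top-style (PID USER ... SIZE RES STATE ... COMMAND),
# so the second K/M/G-suffixed field is RES. Verify against your release's output.
MEM = re.compile(r"\b(\d+(?:\.\d+)?)([KMG])\b")
UNIT = {"K": 1024, "M": 1024**2, "G": 1024**3}

def parse_res(line):
    """Resident memory in bytes from one rtlogd line of the monitoring command."""
    if "rtlog" not in line:
        raise ValueError("not an rtlogd line")
    fields = MEM.findall(line)
    if len(fields) < 2:
        raise ValueError("SIZE/RES columns not found")
    value, unit = fields[1]
    return int(float(value) * UNIT[unit])

def leak_trend(res_bytes, interval_s, min_slope=1.0, min_rising=0.8):
    """Return (suspected_leak, slope in bytes/s) for time-ordered RES samples."""
    n = len(res_bytes)
    if n < 3:
        return False, 0.0  # too few points to call a trend
    xs = [i * interval_s for i in range(n)]
    mx, my = sum(xs) / n, sum(res_bytes) / n
    # Least-squares slope of RES over time.
    slope = (sum((x - mx) * (y - my) for x, y in zip(xs, res_bytes))
             / sum((x - mx) ** 2 for x in xs))
    # A leak rarely gives memory back: require most intervals to be non-decreasing.
    rising = sum(b >= a for a, b in zip(res_bytes, res_bytes[1:])) / (n - 1)
    return slope > min_slope and rising >= min_rising, slope

# Constructed hourly samples (not real device output).
LEAKING = [f"18231 root 20 0 1204M {r}M select 1 12:01 0.10% rtlogd"
           for r in (310, 318, 327, 335, 344)]
STABLE = [f"18231 root 20 0 1204M {r}M select 1 12:01 0.10% rtlogd"
          for r in (310, 312, 309, 311, 310)]

def check(lines, interval_s=3600):
    """Parse sampled lines and evaluate the RES trend."""
    return leak_trend([parse_res(l) for l in lines], interval_s)

if __name__ == "__main__":
    for name, lines in (("leaking", LEAKING), ("stable", STABLE)):
        suspected, slope = check(lines)
        print(f"{name}: suspected_leak={suspected} growth={slope * 3600 / 2**20:.1f} MiB/h")
```

A sustained positive trend on an affected release is a signal to schedule the upgrade or the rtlogd restart workaround before memory is exhausted.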

Fix

DoS

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2025-03718
CVE-2024-39550

Affected Products

Junos