CVE-2024-39536

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.2R3-S8 Junos OS versions 21.4 prior to 21.4R3-S7 Junos OS versions 22.1 prior to 22.1R3-S4 Junos OS versions 22.2 prior to 22.2R3-S4 Junos OS versions 22.3 prior to 22.3R3 Junos OS versions 22.4 prior to 22.4R2-S2, 22.4R3 Junos OS Evolved versions prior to 21.2R3-S8-EVO Junos OS Evolved versions 21.4-EVO prior to 21.4R3-S7-EVO Junos OS Evolved versions 22.2-EVO prior to 22.2R3-S4-EVO Junos OS Evolved versions 22.3-EVO prior to 22.3R3-EVO Junos OS Evolved versions 22.4-EVO prior to 22.4R3-EVO

Description The issue is related to a Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS) when a BFD session configured with authentication flaps, causing ppmd memory to leak. The leak depends on a race condition outside the attacker's control and only affects BFD operating in distributed or inline mode. The leak can be monitored using the CLI command show ppm request-queue, where a continuously increasing number of pending requests indicates the leak.

Recommendations For Junos OS versions prior to 21.2R3-S8, update to version 21.2R3-S8 or later. For Junos OS versions 21.4 prior to 21.4R3-S7, update to version 21.4R3-S7 or later. For Junos OS versions 22.1 prior to 22.1R3-S4, update to version 22.1R3-S4 or later. For Junos OS versions 22.2 prior to 22.2R3-S4, update to version 22.2R3-S4 or later. For Junos OS versions 22.3 prior to 22.3R3, update to version 22.3R3 or later. For Junos OS versions 22.4 prior to 22.4R2-S2, 22.4R3, update to version 22.4R2-S2, 22.4R3 or later. For Junos OS Evolved versions prior to 21.2R3-S8-EVO, update to version 21.2R3-S8-EVO or later. For Junos OS Evolved versions 21.4-EVO prior to 21.4R3-S7-EVO, update to version 21.4R3-S7-EVO or later. For Junos OS Evolved versions 22.2-EVO prior to 22.2R3-S4-EVO, update to version 22.2R3-S4-EVO or later. For Junos OS Evolved versions 22.3-EVO prior to 22.3R3-EVO, update to version 22.3R3-EVO or later. For Junos OS Evolved versions 22.4-EVO prior to 22.4R3-EVO, update to version 22.4R3-EVO or later. As a temporary workaround, consider monitoring the show ppm request-queue command to detect potential memory leaks.