CVE-2024-39549

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 21.2R3-S8 Junos OS versions from 21.4 prior to 21.4R3-S8 Junos OS versions from 22.2 prior to 22.2R3-S4 Junos OS versions from 22.3 prior to 22.3R3-S3 Junos OS versions from 22.4 prior to 22.4R3-S3 Junos OS versions from 23.2 prior to 23.2R2-S1 Junos OS versions from 23.4 prior to 23.4R1-S2, 23.4R2 Junos OS Evolved versions prior to 21.2R3-S8-EVO Junos OS Evolved versions from 21.4 prior to 21.4R3-S8-EVO Junos OS Evolved versions from 22.2 prior to 22.2R3-S4-EVO Junos OS Evolved versions from 22.3 prior to 22.3R3-S3-EVO Junos OS Evolved versions from 22.4 prior to 22.4R3-S3-EVO Junos OS Evolved versions from 23.2 prior to 23.2R2-S1-EVO Junos OS Evolved versions from 23.4 prior to 23.4R1-S2-EVO, 23.4R2-EVO

Description A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS). Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd). Memory utilization could be monitored by: user@host> show system memory or show system monitor memory status.

Recommendations For Junos OS versions prior to 21.2R3-S8, update to version 21.2R3-S8 or later. For Junos OS versions from 21.4 prior to 21.4R3-S8, update to version 21.4R3-S8 or later. For Junos OS versions from 22.2 prior to 22.2R3-S4, update to version 22.2R3-S4 or later. For Junos OS versions from 22.3 prior to 22.3R3-S3, update to version 22.3R3-S3 or later. For Junos OS versions from 22.4 prior to 22.4R3-S3, update to version 22.4R3-S3 or later. For Junos OS versions from 23.2 prior to 23.2R2-S1, update to version 23.2R2-S1 or later. For Junos OS versions from 23.4 prior to 23.4R1-S2, 23.4R2, update to version 23.4R1-S2, 23.4R2 or later. For Junos OS Evolved versions prior to 21.2R3-S8-EVO, update to version 21.2R3-S8-EVO or later. For Junos OS Evolved versions from 21.4 prior to 21.4R3-S8-EVO, update to version 21.4R3-S8-EVO or later. For Junos OS Evolved versions from 22.2 prior to 22.2R3-S4-EVO, update to version 22.2R3-S4-EVO or later. For Junos OS Evolved versions from 22.3 prior to 22.3R3-S3-EVO, update to version 22.3R3-S3-EVO or later. For Junos OS Evolved versions from 22.4 prior to 22.4R3-S3-EVO, update to version 22.4R3-S3-EVO or later. For Junos OS Evolved versions from 23.2 prior to 23.2R2-S1-EVO, update to version 23.2R2-S1-EVO or later. For Junos OS Evolved versions from 23.4 prior to 23.4R1-S2-EVO, 23.4R2-EVO, update to version 23.4R1-S2-EVO, 23.4R2-EVO or later. As a temporary workaround, consider manually restarting Routing Protocol Daemon (rpd) to free consumed memory. Monitor memory utilization using the commands "show system memory" or "show system monitor memory status".