CVE-2026-33780

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 22.4R3-S5 Juniper Networks Junos OS versions 23.2 prior to 23.2R2-S3 Juniper Networks Junos OS versions 23.4 prior to 23.4R2-S4 Juniper Networks Junos OS versions 24.2 prior to 24.2R2 Juniper Networks Junos OS Evolved versions prior to 22.4R3-S5-EVO Juniper Networks Junos OS Evolved versions 23.2 prior to 23.2R2-S3-EVO Juniper Networks Junos OS Evolved versions 23.4 prior to 23.4R2-S4-EVO Juniper Networks Junos OS Evolved versions 24.2 prior to 24.2R2-EVO

Description A memory leak exists in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved. This issue occurs in EVPN-MPLS scenarios when routes are learned from remote multi-homed Provider Edge (PE) devices. Due to a logic error in memory management, memory allocated for these routes is not released when routes change, leading to a memory leak in the l2ald process, potentially causing a crash and restart.

Recommendations Update Junos OS to version 22.4R3-S5 or later. Update Junos OS to version 23.2R2-S3 or later. Update Junos OS to version 23.4R2-S4 or later. Update Junos OS to version 24.2R2 or later. Update Junos OS Evolved to version 22.4R3-S5-EVO or later. Update Junos OS Evolved to version 23.2R2-S3-EVO or later. Update Junos OS Evolved to version 23.4R2-S4-EVO or later. Update Junos OS Evolved to version 24.2R2-EVO or later.