CVE-2024-39557

CVSS V2 None CVSS V3 None
Description
An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS). Certain MAC table updates cause a small amount of memory to leak.  Once memory utilization reaches its limit, the issue will result in a system crash and restart. To identify the issue, execute the CLI command: user@device> show platform application-info allocations app l2ald-agent EVL Object Allocation Statistics: Node   Application     Context Name                               Live   Allocs   Fails     Guids re0   l2ald-agent               net::juniper::rtnh::L2Rtinfo       1069096 1069302   0         1069302 re0   l2ald-agent               net::juniper::rtnh::NHOpaqueTlv     114     195       0         195 This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.
Overview
  • CVE ID
  • CVE-2024-39557
  • Assigner
  • juniper
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-07-10T22:39:48.575Z
  • Last Modified Date
  • 2024-07-10T22:39:48.575Z
Weakness Enumerations
CWE URL
CWE-400 http://cwe.mitre.org/data/definitions/400.html
References
Reference URL Reference Tags
https://supportportal.juniper.net/JSA83017 vendor-advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2024-39557
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39557
History
Created Old Value New Value Data Type Notes
2024-07-11 13:14:27 Added to TrackCVE