Missing Release of Memory after Effective Lifetime Vulnerability in Routing Process Daemon (rpd) Could Lead to Denial of Service (DoS)
CVE-2024-39549

8.7HIGH

Key Information:

Vendor

Juniper Networks
Status
Junos Os
Junos Os Evolved
Vendor
CVE Published:
11 July 2024

Badges

๐Ÿ‘พ Exploit Exists

What is CVE-2024-39549?

A vulnerability present in the Routing Protocol Daemon (rpd) within Juniper Networks' Junos OS and Junos OS Evolved occurs due to inadequate memory release after processing malformed BGP Path attribute updates. This flaw allows an attacker to exploit the system by sending these bad updates, resulting in allocated memory for logging that is not correctly freed under certain conditions. As a result, this can lead to resource exhaustion and potential Denial of Service (DoS) as the Routing Protocol Daemon does not manage the consumed memory effectively. Operators can monitor memory usage using commands like 'show system memory' or 'show system monitor memory status' and must restart the rpd manually to free the consumed memory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Junos OS 0 < 21.2R3-S8

Junos OS 21.4 < 21.4R3-S8

Junos OS 22.2 < 22.2R3-S4

References

https://supportportal.juniper.net/JSA83011
vendor-advisory

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

JSON
.