← Back

CVE-2024-39557

nvd nist
Published: Jul 10, 2024Modified: Feb 7, 2025

JSON object

Loading...
7.1
Vector
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:XShow less
Source: sirt@juniper.net (Secondary)

Description

An Uncontrolled Resource Consumption vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS). Certain MAC table updates cause a small amount of memory to leak.  Once memory utilization reaches its limit, the issue will result in a system crash and restart. To identify the issue, execute the CLI command: user@device> show platform application-info allocations app l2ald-agent EVL Object Allocation Statistics: Node   Application     Context Name                               Live   Allocs   Fails     Guids re0   l2ald-agent               net::juniper::rtnh::L2Rtinfo       1069096 1069302   0         1069302 re0   l2ald-agent               net::juniper::rtnh::NHOpaqueTlv     114     195       0         195 This issue affects Junos OS Evolved: * All versions before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S3-EVO, * from 22.4-EVO before 22.4R3-EVO, * from 23.2-EVO before 23.2R2-EVO.

Affected (48)

Juniper
1 product
Junos Os Evolved
Configuration A
48 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos Os Evolved
Before 21.4
Junos Os Evolved
Version 21.4
Junos Os Evolved
Version 21.4 r1-s1
Junos Os Evolved
Version 21.4 r1-s2
Junos Os Evolved
Version 21.4 r1
Junos Os Evolved
Version 21.4 r2-s1
Junos Os Evolved
Version 21.4 r2-s2
Junos Os Evolved
Version 21.4 r2
Junos Os Evolved
Version 21.4 r3-s1
Junos Os Evolved
Version 21.4 r3-s2
Junos Os Evolved
Version 21.4 r3-s3
Junos Os Evolved
Version 21.4 r3-s4
Junos Os Evolved
Version 21.4 r3-s5
Junos Os Evolved
Version 21.4 r3-s6
Junos Os Evolved
Version 21.4 r3-s7
Junos Os Evolved
Version 21.4 r3
Junos Os Evolved
Version 22.2
Junos Os Evolved
Version 22.2 r1-s1
Junos Os Evolved
Version 22.2 r1-s2
Junos Os Evolved
Version 22.2 r1
Junos Os Evolved
Version 22.2 r2-s1
Junos Os Evolved
Version 22.2 r2-s2
Junos Os Evolved
Version 22.2 r2
Junos Os Evolved
Version 22.2 r3-s1
Junos Os Evolved
Version 22.2 r3-s2
Junos Os Evolved
Version 22.2 r3-s3
Junos Os Evolved
Version 22.2 r3
Junos Os Evolved
Version 22.3
Junos Os Evolved
Version 22.3 r1-s1
Junos Os Evolved
Version 22.3 r1-s2
Junos Os Evolved
Version 22.3 r1
Junos Os Evolved
Version 22.3 r2-s1
Junos Os Evolved
Version 22.3 r2-s2
Junos Os Evolved
Version 22.3 r2
Junos Os Evolved
Version 22.3 r3-s1
Junos Os Evolved
Version 22.3 r3-s2
Junos Os Evolved
Version 22.3 r3
Junos Os Evolved
Version 22.4
Junos Os Evolved
Version 22.4 r1-s1
Junos Os Evolved
Version 22.4 r1-s2
Junos Os Evolved
Version 22.4 r1
Junos Os Evolved
Version 22.4 r2-s1
Junos Os Evolved
Version 22.4 r2-s2
Junos Os Evolved
Version 22.4 r2
Junos Os Evolved
Version 23.2
Junos Os Evolved
Version 23.2 r1-s1
Junos Os Evolved
Version 23.2 r1-s2
Junos Os Evolved
Version 23.2 r1

Related CWEs

CWE-400
Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.