VYPR
Unrated severityNVD Advisory· Published Jul 11, 2024· Updated Aug 2, 2024

Junos OS Evolved: Receipt of specific packets in the aftmand process will lead to a memory leak

CVE-2024-39548

Description

An Uncontrolled Resource Consumption vulnerability in the aftmand process of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to consume memory resources, resulting in a Denial of Service (DoS) condition. The processes do not recover on their own and must be manually restarted.

This issue affects both IPv4 and IPv6.

Changes in memory usage can be monitored using the following CLI command: user@device> show system memory node | grep evo-aftmann This issue affects Junos OS Evolved:

  • All versions before 21.2R3-S8-EVO,
  • 21.3 versions before 21.3R3-S5-EVO,
  • 21.4 versions before 21.4R3-S5-EVO,
  • 22.1 versions before 22.1R3-S4-EVO,
  • 22.2 versions before 22.2R3-S4-EVO,
  • 22.3 versions before 22.3R3-S3-EVO,
  • 22.4 versions before 22.4R2-S2-EVO, 22.4R3-EVO,
  • 23.2 versions before 23.2R1-S1-EVO, 23.2R2-EVO.

Affected products

2
  • before 21.2R3-S8-EVO, 21.3 before 21.3R3-S5-EVO, 21.4 before 21.4R3-S5-EVO, 22.1 before 22.1R3-S4-EVO, 22.2 before 22.2R3-S4-EVO, 22.3 before 22.3R3-S3-EVO, 22.4 before 22.4R2-S2-EVO or 22.4R3-EVO, 23.2 before 23.2R1-S1-EVO or 23.2R2-EVO+ 1 more
    • (no CPE)range: before 21.2R3-S8-EVO, 21.3 before 21.3R3-S5-EVO, 21.4 before 21.4R3-S5-EVO, 22.1 before 22.1R3-S4-EVO, 22.2 before 22.2R3-S4-EVO, 22.3 before 22.3R3-S3-EVO, 22.4 before 22.4R2-S2-EVO or 22.4R3-EVO, 23.2 before 23.2R1-S1-EVO or 23.2R2-EVO
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.