VYPR
Unrated severityNVD Advisory· Published Feb 5, 2025· Updated Feb 26, 2025

Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash

CVE-2024-39564

Description

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.

A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).

This issue affects:

Junos OS:  * from 22.4 before 22.4R3-S4.

Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.

Affected products

3

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.