Junos OS: MX Series: Subscriber login/logout activity will lead to a memory leak
Description
A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).
In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.
user@host> show chassis fpc Temp CPU Utilization (%) CPU Utilization (%) Memory Utilization (%) Slot State (C) Total Interrupt 1min 5min 15min DRAM (MB) Heap Buffer
2 Online 36 10 0 9 8 9 32768 26 0
This issue affects Junos OS on MX Series: * All versions before 21.2R3-S9 * from 21.4 before 21.4R3-S10 * from 22.2 before 22.2R3-S6 * from 22.4 before 22.4R3-S5 * from 23.2 before 23.2R2-S3 * from 23.4 before 23.4R2-S3 * from 24.2 before 24.2R2.
Affected products
2<21.2R3-S9, >=21.4 <21.4R3-S10, >=22.2 <22.2R3-S6, >=22.4 <22.4R3-S5, >=23.2 <23.2R2-S3, >=23.4 <23.4R2-S3, >=24.2 <24.2R2+ 1 more
- (no CPE)range: <21.2R3-S9, >=21.4 <21.4R3-S10, >=22.2 <22.2R3-S6, >=22.4 <22.4R3-S5, >=23.2 <23.2R2-S3, >=23.4 <23.4R2-S3, >=24.2 <24.2R2
- (no CPE)range: 0
Patches
Vulnerability mechanics
References
1- supportportal.juniper.net/JSA96457mitrevendor-advisory
News mentions
0No linked articles in our index yet.