Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

user@junos> show task memory detail | match ted-infra TED-INFRA-COOKIE           25   1072     28   1184     229

user@junos>

show task memory detail | match ted-infra TED-INFRA-COOKIE           31   1360     34   1472     307

This issue affects:

Junos OS:

• from 23.2 before 23.2R2,
• from 23.4 before 23.4R1-S2, 23.4R2,
• from 24.1 before 24.1R2;

Junos OS Evolved:

• from 23.2 before 23.2R2-EVO,
• from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,
• from 24.1 before 24.1R2-EVO.

This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.