VYPR
Medium severity6.5NVD Advisory· Published Apr 9, 2026· Updated Apr 17, 2026

CVE-2026-33780

CVE-2026-33780

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).

In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.

Use the following command to monitor the memory consumption by l2ald:

user@device> show system process extensive | match "PID|l2ald"

This issue affects:

Junos OS:

  • all versions before 22.4R3-S5,
  • 23.2 versions before 23.2R2-S3,
  • 23.4 versions before 23.4R2-S4,
  • 24.2 versions before 24.2R2;

Junos OS Evolved:

  • all versions before 22.4R3-S5-EVO,
  • 23.2 versions before 23.2R2-S3-EVO,
  • 23.4 versions before 23.4R2-S4-EVO,
  • 24.2 versions before 24.2R2-EVO.

Affected products

65
  • cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*+ 32 more
    • cpe:2.3:o:juniper:junos:*:*:*:*:*:*:*:*range: <22.4
    • cpe:2.3:o:juniper:junos:22.4:-:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r1-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r1-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r2-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r2-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r3:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r3-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r3-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r3-s3:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:22.4:r3-s4:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.2:r2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.2:r2-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.2:r2-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.4:r1-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.4:r2-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.4:r2-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:23.4:r2-s3:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:24.2:-:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:24.2:r1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:24.2:r1-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos:24.2:r1-s2:*:*:*:*:*:*
    • (no CPE)range: < 22.4R3-S5, >= 23.2 < 23.2R2-S3, >= 23.4 < 23.4R2-S4, >= 24.2 < 24.2R2
  • cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*+ 31 more
    • cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*range: <22.4
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:-:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r1-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r2-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r3:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s3:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:22.4:r3-s4:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.2:r2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.2:r2-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s2:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:23.4:r2-s3:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:24.2:-:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:24.2:r1:*:*:*:*:*:*
    • cpe:2.3:o:juniper:junos_os_evolved:24.2:r1-s2:*:*:*:*:*:*
    • (no CPE)range: < 22.4R3-S5-EVO, >= 23.2 < 23.2R2-S3-EVO, >= 23.4 < 23.4R2-S4-EVO, >= 24.2 < 24.2R2-EVO

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.