CVE-2024-39557
Severity CVSS v4.0:
HIGH
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
10/07/2024
Last modified:
07/02/2025
Description
An Uncontrolled Resource Consumption vulnerability in the <br />
<br />
Layer 2 Address Learning Daemon (l2ald)<br />
<br />
of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).<br />
<br />
Certain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart.<br />
<br />
To identify the issue, execute the CLI command:<br />
<br />
user@device> show platform application-info allocations app l2ald-agent<br />
EVL Object Allocation Statistics:<br />
<br />
Node Application Context Name Live Allocs Fails Guids<br />
re0 l2ald-agent net::juniper::rtnh::L2Rtinfo 1069096 1069302 0 1069302<br />
re0 l2ald-agent net::juniper::rtnh::NHOpaqueTlv 114 195 0 195<br />
<br />
<br />
<br />
This issue affects Junos OS Evolved: <br />
<br />
<br />
* All versions before 21.4R3-S8-EVO,<br />
<br />
* from 22.2-EVO before 22.2R3-S4-EVO, <br />
* from 22.3-EVO before 22.3R3-S3-EVO, <br />
* from 22.4-EVO before 22.4R3-EVO, <br />
* from 23.2-EVO before 23.2R2-EVO.
Impact
Base Score 4.0
7.10
Severity 4.0
HIGH
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:* | 21.4 (excluding) | |
cpe:2.3:o:juniper:junos_os_evolved:21.4:-:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s1:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r1-s2:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r2:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s1:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r2-s2:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s1:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s2:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s3:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s4:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s5:*:*:*:*:*:* | ||
cpe:2.3:o:juniper:junos_os_evolved:21.4:r3-s6:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page