8.7

CVE-2024-39518

A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).

When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning. 

This issue is only seen when telemetry subscription is active.

The Heap memory utilization can be monitored using the following command:
  > show system processes extensive

The following command can be used to monitor the memory utilization of the specific sensor
  > show system info | match sensord
   PID   NAME                 MEMORY     PEAK MEMORY    %CPU   THREAD-COUNT CORE-AFFINITY   UPTIME

   1986  sensord            877.57MB   877.57MB         2       4           0,2-15          7-21:41:32


This issue affects Junos OS: 



  *  from 21.2R3-S5 before 21.2R3-S7, 
  *  from 21.4R3-S4 before 21.4R3-S6, 
  *  from 22.2R3 before 22.2R3-S4, 
  *  from 22.3R2 before 22.3R3-S2, 
  *  from 22.4R1 before 22.4R3, 
  *  from 23.2R1 before 23.2R2.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version21.2 Updater3-s5
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.2 Updater3-s6
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater3-s4
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater3-s5
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater3-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater3-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater3-s3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater2-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater2-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater3-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater1-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater1-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater2-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater2-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.2 Updater1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.2 Updater1-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.2 Updater1-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.617
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 8.7 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.