7.1

CVE-2024-39550

A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). 

Memory can only be recovered by manually restarting rtlogd process. 
The memory usage can be monitored using the below command.

    user@host> show system processes extensive | match rtlog 



This issue affects Junos OS on MX Series with SPC3 line card: 



  *  from 21.2R3 before 21.2R3-S8, 
  *  from 21.4R2 before 21.4R3-S6, 
  *  from 22.1 before 22.1R3-S5, 
  *  from 22.2 before 22.2R3-S3, 
  *  from 22.3 before 22.3R3-S2, 
  *  from 22.4 before 22.4R3-S1, 
  *  from 23.2 before 23.2R2, 
  *  from 23.4 before 23.4R2.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Version21.2 Updater3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.2 Updater3-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.2 Updater3-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.2 Updater3-s3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.2 Updater3-s4
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.2 Updater3-s5
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.2 Updater3-s6
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.2 Updater3-s7
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater2-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater2-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater3-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater3-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater3-s3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater3-s4
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version21.4 Updater3-s5
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Update-
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater1-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater1-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater2-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater2-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater3-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater3-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater3-s3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.1 Updater3-s4
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Update-
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater1-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater1-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater2-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater2-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater3-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.2 Updater3-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Update-
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater1-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater1-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater2-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater2-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.3 Updater3-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Update-
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater1-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater1-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater2-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater2-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version22.4 Updater3
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.2 Update-
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.2 Updater1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.2 Updater1-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.2 Updater1-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.4 Update-
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.4 Updater1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.4 Updater1-s1
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
JuniperJunos Version23.4 Updater1-s2
   JuniperMx240 Version-
   JuniperMx480 Version-
   JuniperMx960 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.15% 0.36
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 7.1 0 0
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X
sirt@juniper.net 6.5 2.8 3.6
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.