ghsa-g26w-g327-7xm5
Vulnerability from github
7.1 (High) - CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:A
An Uncontrolled Resource Consumption vulnerability in the
Layer 2 Address Learning Daemon (l2ald)
of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).
Certain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart.
To identify the issue, execute the CLI command:
user@device> show platform application-info allocations app l2ald-agent EVL Object Allocation Statistics:
Node Application Context Name Live Allocs Fails Guids re0 l2ald-agent net::juniper::rtnh::L2Rtinfo 1069096 1069302 0 1069302 re0 l2ald-agent net::juniper::rtnh::NHOpaqueTlv 114 195 0 195
This issue affects Junos OS Evolved:
-
All versions before 21.4R3-S8-EVO,
-
from 22.2-EVO before 22.2R3-S4-EVO,
- from 22.3-EVO before 22.3R3-S3-EVO,
- from 22.4-EVO before 22.4R3-EVO,
- from 23.2-EVO before 23.2R2-EVO.
{ affected: [], aliases: [ "CVE-2024-39557", ], database_specific: { cwe_ids: [ "CWE-400", ], github_reviewed: false, github_reviewed_at: null, nvd_published_at: "2024-07-10T23:15:12Z", severity: "HIGH", }, details: "An Uncontrolled Resource Consumption vulnerability in the \n\nLayer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).\n\nCertain MAC table updates cause a small amount of memory to leak. Once memory utilization reaches its limit, the issue will result in a system crash and restart.\n\nTo identify the issue, execute the CLI command:\n \nuser@device> show platform application-info allocations app l2ald-agent\nEVL Object Allocation Statistics:\n \n Node Application Context Name Live Allocs Fails Guids\n re0 l2ald-agent net::juniper::rtnh::L2Rtinfo 1069096 1069302 0 1069302\n re0 l2ald-agent net::juniper::rtnh::NHOpaqueTlv 114 195 0 195\n\n\n\nThis issue affects Junos OS Evolved: \n\n\n * All versions before 21.4R3-S8-EVO,\n\n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO.", id: "GHSA-g26w-g327-7xm5", modified: "2024-07-11T00:32:51Z", published: "2024-07-11T00:32:51Z", references: [ { type: "ADVISORY", url: "https://nvd.nist.gov/vuln/detail/CVE-2024-39557", }, { type: "WEB", url: "https://supportportal.juniper.net/JSA83017", }, ], schema_version: "1.4.0", severity: [ { score: "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", type: "CVSS_V3", }, { score: "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", type: "CVSS_V4", }, ], }
Log in or create an account to share your comment.
This schema specifies the format of a comment related to a security advisory.
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.