Executive Summary

Informations
Name CVE-2024-39549 First vendor Publication 2024-07-11
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 7.5
Base Score 7.5 Environmental Score 7.5
impact SubScore 3.6 Temporal Score 7.5
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

A Missing Release of Memory after Effective Lifetime vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This memory is not properly freed in all circumstances, leading to a Denial of Service (DoS).

Consumed memory can be freed by manually restarting Routing Protocol Daemon (rpd).

Memory utilization could be monitored by:Â user@host> show system memory or show system monitor memory status

This issue affects:

Junos OS:Â * All versions before 21.2R3-S8,Â
* from 21.4 before 21.4R3-S8,

* from 22.2 before 22.2R3-S4,Â
* from 22.3 before 22.3R3-S3,Â
* from 22.4 before 22.4R3-S3,
* from 23.2 before 23.2R2-S1,Â
* from 23.4 before 23.4R1-S2, 23.4R2.

Junos OS Evolved:
* All versions before 21.2R3-S8-EVO,
* from 21.4 before 21.4R3-S8-EVO,
* from 22.2 before 22.2R3-S4-EVO,
* from 22.3 before 22.3R3-S3-EVO,
* from 22.4 before 22.4R3-S3-EVO,

* from 23.2 before 23.2R2-S1-EVO,
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39549

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-401 Failure to Release Memory Before Removing Last Reference ('Memory Leak')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Hardware 1
Os 1055
Os 133

Sources (Detail)

https://supportportal.juniper.net/JSA83011
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2025-03-29 03:37:58
  • Multiple Updates
2025-03-28 13:43:18
  • Multiple Updates
2024-12-20 14:09:32
  • Multiple Updates
2024-11-25 09:24:01
  • Multiple Updates
2024-10-16 02:51:26
  • Multiple Updates
2024-10-03 05:27:41
  • Multiple Updates
2024-08-15 21:27:42
  • Multiple Updates
2024-07-12 00:27:23
  • Multiple Updates
2024-07-11 21:27:22
  • First insertion