Juniper Networks Junos OS and Junos OS Evolved Routing Protocol Daemon Memory Leak Vulnerability

Vulnerability

A memory leak vulnerability has been identified in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows a local, low-privileged user to impact the device's availability. The issue arises when RIB sharding is enabled and certain routing-related 'show' commands are executed, leading to a gradual increase in memory usage. Once the available memory is exhausted, rpd crashes and restarts. The memory leak can be monitored with the CLI command 'show task memory detail | match task_shard_mgmt_cookie'.

Impact

Exploitation of this vulnerability causes the routing protocol daemon (rpd) to crash and restart, disrupting routing processes on the device.

Reproduction

To reproduce this vulnerability, RIB sharding must be enabled on the device. Once RIB sharding is active, a low-privileged user can execute one of several routing-related 'show' commands. Each execution of these commands will cause a memory leak, which can be monitored with the CLI command 'show task memory detail | match task_shard_mgmt_cookie'. As the leaked memory accumulates, it will eventually exhaust the device's available memory, causing rpd to crash and restart.

Remediation

Users can update to Junos OS versions 21.2R3-S9, 21.4R3-S11, 22.2R3-S7, 22.4R3-S7, 23.2R2-S4, 23.4R2-S4, 24.2R2, 24.4R1-S2, 24.4R2, 25.2R1, and all subsequent releases. For Junos OS Evolved, users can update to versions 22.2R3-S7-EVO, 22.4R3-S7-EVO, 23.2R2-S4-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R2-EVO, 25.2R1-EVO, and all subsequent releases.
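The following is an added example, not part of the original advisory or any Juniper tooling: a Python check that classifies a running version string against the fixed releases listed above. The function names, the status labels and the sample versions are assumptions made for illustration; "below-fixed" means only that the release predates the listed fix for its train, since exposure also requires RIB sharding to be enabled.

```python
import re

# Fixed releases exactly as listed in the Remediation section above.
FIXED_JUNOS = ["21.2R3-S9", "21.4R3-S11", "22.2R3-S7", "22.4R3-S7", "23.2R2-S4",
               "23.4R2-S4", "24.2R2", "24.4R1-S2", "24.4R2", "25.2R1"]
FIXED_EVO = ["22.2R3-S7-EVO", "22.4R3-S7-EVO", "23.2R2-S4-EVO", "23.4R2-S4-EVO",
             "24.2R2-EVO", "24.4R2-EVO", "25.2R1-EVO"]

# <major>.<minor>R<release>[-S<service>][.<build>][-EVO]
_VER = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$")

def parse(version):
    """Return ((major, minor), (R, S), is_evo); a trailing build number is ignored."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, rel, svc, evo = m.groups()
    return (int(major), int(minor)), (int(rel), int(svc or 0)), bool(evo)

def _first_fixed(is_evo):
    """Map each release train to the earliest fixed (R, S) listed for it."""
    table = {}
    for v in (FIXED_EVO if is_evo else FIXED_JUNOS):
        train, rs, _ = parse(v)
        table[train] = min(rs, table.get(train, rs))
    return table

def status(version):
    """Classify a version as 'fixed', 'below-fixed' or 'train-not-listed'."""
    train, rs, is_evo = parse(version)
    table = _first_fixed(is_evo)
    if train in table:
        # Numeric comparison, so S9 correctly sorts before S11.
        return "fixed" if rs >= table[train] else "below-fixed"
    # Interpretation of "all subsequent releases": trains newer than the
    # newest listed train are treated as carrying the fix.
    if train > max(table):
        return "fixed"
    return "train-not-listed"  # no fixed release is given for this train

if __name__ == "__main__":
    # Constructed sample versions, not taken from any real inventory.
    for v in ["21.4R3-S9", "21.4R3-S11.2", "24.4R1-S2", "24.4R1-S2-EVO", "22.3R3"]:
        print(f"{v:16} {status(v)}")
```

Trains the advisory does not list are reported separately rather than guessed at, so they can be checked against the vendor's own bulletin.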

Added: Jul 11, 2025, 4:28 PM
Updated: Jul 11, 2025, 4:28 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 3.8
remediation: 8.3
relevance: 0.2
threat: 1.6
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.