Juniper Networks Junos OS and Junos OS Evolved Memory Leak Vulnerability in RPD Daemon Causes Denial-of-Service

Vulnerability

A memory leak vulnerability has been identified in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved. This vulnerability allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send specific update packets that cause a memory leak. As these packets are received and processed, the available memory is exhausted, leading to a crash of the RPD daemon and creating a denial-of-service condition. The issue affects Junos OS versions 23.2 (prior to 23.2R2), 23.4 (prior to 23.4R1-S2, 23.4R2), and 24.1 (prior to 24.1R2), as well as Junos OS Evolved versions 23.2 (prior to 23.2R2-EVO), 23.4 (prior to 23.4R1-S2-EVO, 23.4R2-EVO) and 24.1 (prior to 24.1R2-EVO). The vulnerability does not affect earlier Junos OS or Junos OS Evolved versions.

Impact

Exploitation of this vulnerability leads to a memory leak in the RPD daemon, causing it to crash and create a denial-of-service condition on the affected system.

Remediation

Users can upgrade to Junos OS versions 23.2R2, 23.4R1-S2, 23.4R2, 24.1R2, 24.2R1, and all subsequent releases. For Junos OS Evolved, users can upgrade to versions 23.2R2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.1R2-EVO, 24.2R1-EVO, and all subsequent releases.
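The version ranges above can be checked against a device inventory. The following is an added example, not part of the original advisory or any Juniper tooling: it is a version-only check (it does not look at whether IS-IS is configured), and the version-string layout, hostnames and build numbers are assumptions made for the illustration.

```python
import re

# First fixed (release, service) level per affected train, from the advisory text.
# The advisory lists the same levels for the -EVO builds of each train.
FIRST_FIXED = {
    (23, 2): (2, 0),  # 23.2R2
    (23, 4): (1, 2),  # 23.4R1-S2 (23.4R2 compares higher, so it is covered)
    (24, 1): (2, 0),  # 24.1R2
}

# Assumed layout: <YY>.<N>R<release>[-S<service>][.<build>][-EVO]
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(-EVO)?$", re.IGNORECASE)


def parse_version(version):
    """Return ((major, minor), (release, service), is_evo) or raise ValueError."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognized version string: {version!r}")
    service = int(m[4]) if m[4] else 0
    return (int(m[1]), int(m[2])), (int(m[3]), service), bool(m[5])


def is_affected(version):
    """True if the version is in an affected train and below its first fixed level."""
    train, level, _ = parse_version(version)
    fixed = FIRST_FIXED.get(train)
    # Trains not listed (earlier releases, 24.2R1 and later) are not affected.
    return fixed is not None and level < fixed


def audit(inventory):
    """Map host -> True/False, or None when the version needs manual review."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = is_affected(version)
        except ValueError:
            result[host] = None
    return result


# Constructed sample inventory (hostnames and build numbers are made up).
INVENTORY = {
    "core-1": "23.4R1-S1.4-EVO",
    "core-2": "23.4R1-S2.3",
    "edge-1": "22.4R3-S2.11",
    "lab-1": "24.1X1.2",
}

if __name__ == "__main__":
    for host, state in audit(INVENTORY).items():
        print(host, {True: "affected", False: "not affected", None: "review"}[state])
```

A `None` result marks a version string outside the assumed layout and should be checked by hand rather than treated as unaffected.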

Added: Jan 15, 2026, 9:25 PM
Updated: Jan 15, 2026, 9:25 PM

Vulnerability Rating

Custom Algorithm
spread: 6.8
impact: 2.5
exploitability: 4.5
remediation: 7.7
relevance: 2.1
threat: 0.0
urgency: 1.4
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.