A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered. The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive | match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:XJuniper Junos
OSJuniper22.423.223.4< 22.4Juniper Mx10004
HWJuniperwszystkie wersjeJuniper Mx10008
HWJuniperwszystkie wersjeJuniper Mx2008
HWJuniperwszystkie wersjeJuniper Mx2010
HWJuniperwszystkie wersjeJuniper Mx2020
HWJuniperwszystkie wersjeJuniper Mx204
HWJuniperwszystkie wersjeJuniper Mx240
HWJuniperwszystkie wersjeJuniper Mx301
HWJuniperwszystkie wersjeJuniper Mx304
HWJuniperwszystkie wersjeJuniper Mx480
HWJuniperwszystkie wersjeJuniper Mx960
HWJuniperwszystkie wersje
Related vulnerabilities
A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SR...
Out-of-bounds Write w J-Web Juniper Junos OS — RCE z uprawnieniami root
This issue is not applicable to NFX NextGen Software. On NFX Series devices the use of Hard-coded Credentials ...
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unaut...
An improper check for unusual or exceptional conditions in Juniper Networks Junos OS and Junos OS Evolved Rout...