GHSA-f7rm-gv39-r2j5

Описание

A Missing Release of Memory after Effective Lifetime vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).

In a subscriber management scenario, login/logout activity triggers a memory leak, and the leaked memory gradually increments and eventually results in a crash.                 user@host> show chassis fpc                                        Temp    CPU Utilization (%)   CPU Utilization (%)   Memory     Utilization (%)                       Slot State       (C)     Total   Interrupt     1min   5min  15min    DRAM (MB)  Heap   Buffer

                      2 Online         36       10         0          9     8     9        32768      26         0                                                                                                      

This issue affects Junos OS on MX Series:

• All versions before 21.2R3-S9
• from 21.4 before 21.4R3-S10
• from 22.2 before 22.2R3-S6
• from 22.4 before 22.4R3-S5
• from 23.2 before 23.2R2-S3
• from 23.4 before 23.4R2-S3
• from 24.2 before 24.2R2.