Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2026-21909

Опубликовано: 15 янв. 2026
Источник: nvd
CVSS3: 6.5
EPSS Низкий

Описание

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           25   1072     28   1184     229

user@junos>

show task memory detail | match ted-infra   TED-INFRA-COOKIE           31   1360     34   1472     307

This issue affects:

Junos OS: 

  • from 23.2 before 23.2R2, 
  • from 23.4 before 23.4R1-S2, 23.4R2, 
  • from 24.1 before 24.1R2; 

Junos OS Evolved: 

  • from 23.2 before 2

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.1:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:24.1:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:24.1:r1:*:*:*:*:*:*

EPSS

Процентиль: 4%
0.00018
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-401

Связанные уязвимости

github логотип

GHSA-cf3w-5gm7-wvp9

CVSS3: 6.5
github
23 дня назад

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition. Memory usage can be monitored through the use of the 'show task memory detail' command. For example: user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           25   1072     28   1184     229 user@junos> show task memory detail | match ted-infra   TED-INFRA-COOKIE           31   1360     34   1472     307 This issue affects: Junos OS:  * from 23.2 before 23.2R2,  * from 23.4 before 23.4R1-S2, 23.4R2,  * from 24.1 before 24.1R2;  Junos OS Evolved:  * from 23.2 befor...

EPSS

Процентиль: 4%
0.00018
Низкий

6.5 Medium

CVSS3

Дефекты

CWE-401