CVE-2024-39564
Published: 05 February 2025
Description
This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS: * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.
Security Summary
CVE-2024-39564 is a double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. The issue, which is similar but distinct from CVE-2024-39549, occurs when an attacker sends a malformed BGP Path attribute update that allocates memory for logging the invalid attribute, triggering a double-free condition and causing an rpd crash. It affects Junos OS versions from 22.4 prior to 22.4R3-S4 and Junos OS Evolved versions from 22.4 prior to 22.4R3-S4-EVO.
A remote, unauthenticated attacker with network access can exploit this vulnerability by transmitting the malformed BGP update, leading to a denial of service (DoS) through the rpd process crash. The CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects its high availability impact, low attack complexity, and lack of required privileges, making it feasible for attackers able to reach BGP sessions.
Juniper's advisory JSA83011 provides details on mitigation, available at https://supportportal.juniper.net/JSA83011. Affected systems should be upgraded to Junos OS 22.4R3-S4 or later, or Junos OS Evolved 22.4R3-S4-EVO or later, to address the vulnerability.
Details
- CWE(s)