{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-39536", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "state": "PUBLISHED", "assignerShortName": "juniper", "dateReserved": "2024-06-25T15:12:53.241Z", "datePublished": "2024-07-11T16:13:24.485Z", "dateUpdated": "2024-08-02T04:26:15.613Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Junos OS", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8", "status": "affected", "version": "0", "versionType": "semver"}, {"lessThan": "21.4R3-S7", "status": "affected", "version": "21.4", "versionType": "semver"}, {"lessThan": "22.1R3-S4", "status": "affected", "version": "22.1", "versionType": "semver"}, {"lessThan": "22.2R3-S4", "status": "affected", "version": "22.2", "versionType": "semver"}, {"lessThan": "22.3R3", "status": "affected", "version": "22.3", "versionType": "semver"}, {"lessThan": "22.4R2-S2, 22.4R3", "status": "affected", "version": "22.4", "versionType": "semver"}]}, {"defaultStatus": "unaffected", "product": "Junos OS Evolved", "vendor": "Juniper Networks", "versions": [{"lessThan": "21.2R3-S8-EVO", "status": "affected", "version": "21.2-EVO", "versionType": "semver"}, {"lessThan": "21.4R3-S7-EVO", "status": "affected", "version": "21.4-EVO", "versionType": "semver"}, {"lessThan": "22.2R3-S4-EVO", "status": "affected", "version": "22.2-EVO", "versionType": "semver"}, {"lessThan": "22.3R3-EVO", "status": "affected", "version": "22.3-EVO", "versionType": "semver"}, {"lessThan": "22.4R3-EVO", "status": "affected", "version": "22.4-EVO", "versionType": "semver"}, {"lessThan": "23.2R1-EVO", "status": "affected", "version": "23.2-EVO", "versionType": "semver"}]}], "configurations": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\n<span style=\"background-color: rgb(255, 255, 255);\">configured</span>:<br><br><tt>[ protocols &lt;protocol&gt; ... bfd-liveness-detection&nbsp;authentication ]<br>[ routing-options ... bfd-liveness-detection authentication ]</tt>"}], "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\nconfigured:\n\n[ protocols <protocol> ... bfd-liveness-detection\u00a0authentication ]\n[ routing-options ... bfd-liveness-detection authentication ]"}], "datePublic": "2024-07-10T16:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\n<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS)</span>.<p><br></p><p><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">When a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">BFD session configured with authentication </span>flaps,&nbsp;</span>ppmd memory can leak. Whether the leak happens depends on a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.</span></span><br><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p><span style=\"background-color: rgb(255, 255, 255);\">Whether the leak occurs can be monitored with the following CLI command:</span></p><p>&gt; show ppm request-queue<br></p><tt><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">FPC &nbsp; &nbsp; Pending-request</span><br><span style=\"background-color: rgb(255, 255, 255);\">fpc0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;2</span><br><span style=\"background-color: rgb(255, 255, 255);\">request-total-pending: 2</span>\n\n<br></span></tt><p><span style=\"background-color: rgb(255, 255, 255);\">where a continuously increasing number of pending requests is indicative of the leak.&nbsp;</span></p><p><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p></p>\n\n<p>This issue affects:</p><p>Junos OS:<br></p><ul><li>All versions before 21.2R3-S8,</li><li>21.4 versions before 21.4R3-S7,</li><li>22.1 versions before 22.1R3-S4,</li><li>22.2 versions before 22.2R3-S4, </li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R2-S2, 22.4R3.</li></ul><br>Junos OS Evolved:<br><ul><li>All versions before 21.2R3-S8-EVO,</li><li>21.4-EVO versions before 21.4R3-S7-EVO,</li><li>22.2-EVO versions before 22.2R3-S4-EVO,</li><li>22.3-EVO versions before 22.3R3-EVO,</li><li>22.4-EVO versions before 22.4R3-EVO.</li></ul>"}], "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n * All versions before 21.2R3-S8,\n * 21.4 versions before 21.4R3-S7,\n * 22.1 versions before 22.1R3-S4,\n * 22.2 versions before 22.2R3-S4, \n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.2-EVO versions before 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO."}], "exploits": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "baseScore": 6, "baseSeverity": "MEDIUM", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"description": "Denial-of-Service (DoS)", "lang": "en"}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-12T14:42:59.790Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://supportportal.juniper.net/JSA82996"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;<br>Junos OS Evolved:&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,&nbsp;and all subsequent releases.</span>"}], "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,\u00a0and all subsequent releases."}], "source": {"advisory": "JSA82996", "defect": ["1480648"], "discovery": "USER"}, "title": "Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak", "workarounds": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "There are no known workarounds for this issue."}], "value": "There are no known workarounds for this issue."}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"affected": [{"vendor": "juniper", "product": "junos_os", "cpes": ["cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThan": "21.2R3-S8", "versionType": "semver"}, {"version": "21.4", "status": "affected", "lessThan": "21.4R3-S7", "versionType": "semver"}, {"version": "22.1", "status": "affected", "lessThan": "22.1R3-S4", "versionType": "semver"}, {"version": "22.2", "status": "affected", "lessThan": "22.2R3-S4", "versionType": "semver"}, {"version": "22.3", "status": "affected", "lessThan": "22.3R3", "versionType": "semver"}, {"version": "22.4", "status": "affected", "lessThan": "22.4R2-S2", "versionType": "semver"}, {"version": "22.4", "status": "affected", "lessThan": "22.4R3", "versionType": "semver"}]}, {"vendor": "juniper", "product": "junos_os_evolved", "cpes": ["cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "21.2-EVO", "status": "affected", "lessThan": "21.2R3-S8-EVO", "versionType": "semver"}, {"version": "21.4-EVO", "status": "affected", "lessThan": "21.4R3-S7-EVO", "versionType": "semver"}, {"version": "22.2-EVO", "status": "affected", "lessThan": "22.2R3-S4-EVO", "versionType": "semver"}, {"version": "22.3-EVO", "status": "affected", "lessThan": "22.3R3-EVO", "versionType": "semver"}, {"version": "22.4-EVO", "status": "affected", "lessThan": "22.4R3-EVO", "versionType": "semver"}, {"version": "23.2-EVO", "status": "affected", "lessThan": "23.2R1-EVO", "versionType": "semver"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-16T18:38:58.684082Z", "id": "CVE-2024-39536", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T19:01:50.918Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:26:15.613Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://supportportal.juniper.net/JSA82996"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-39536", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-16T18:38:58.684082Z"}}}], "affected": [{"cpes": ["cpe:2.3:o:juniper:junos_os:*:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2R3-S8", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S7", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R2-S2", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"cpes": ["cpe:2.3:o:juniper:junos_os_evolved:*:*:*:*:*:*:*:*"], "vendor": "juniper", "product": "junos_os_evolved", "versions": [{"status": "affected", "version": "21.2-EVO", "lessThan": "21.2R3-S8-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.4-EVO", "lessThan": "21.4R3-S7-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2-EVO", "lessThan": "22.2R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3-EVO", "lessThan": "22.3R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.4-EVO", "lessThan": "22.4R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2-EVO", "lessThan": "23.2R1-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-16T18:50:48.166Z"}}], "cna": {"title": "Junos OS and Junos OS Evolved: Flaps of BFD sessions with authentication cause a ppmd memory leak", "source": {"defect": ["1480648"], "advisory": "JSA82996", "discovery": "USER"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}, {"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6, "Automatable": "NOT_DEFINED", "attackVector": "ADJACENT", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "PRESENT", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"status": "affected", "version": "0", "lessThan": "21.2R3-S8", "versionType": "semver"}, {"status": "affected", "version": "21.4", "lessThan": "21.4R3-S7", "versionType": "semver"}, {"status": "affected", "version": "22.1", "lessThan": "22.1R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.2", "lessThan": "22.2R3-S4", "versionType": "semver"}, {"status": "affected", "version": "22.3", "lessThan": "22.3R3", "versionType": "semver"}, {"status": "affected", "version": "22.4", "lessThan": "22.4R2-S2, 22.4R3", "versionType": "semver"}], "defaultStatus": "unaffected"}, {"vendor": "Juniper Networks", "product": "Junos OS Evolved", "versions": [{"status": "affected", "version": "21.2-EVO", "lessThan": "21.2R3-S8-EVO", "versionType": "semver"}, {"status": "affected", "version": "21.4-EVO", "lessThan": "21.4R3-S7-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.2-EVO", "lessThan": "22.2R3-S4-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.3-EVO", "lessThan": "22.3R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "22.4-EVO", "lessThan": "22.4R3-EVO", "versionType": "semver"}, {"status": "affected", "version": "23.2-EVO", "lessThan": "23.2R1-EVO", "versionType": "semver"}], "defaultStatus": "unaffected"}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "supportingMedia": [{"type": "text/html", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.", "base64": false}]}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue:\nJunos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;\nJunos OS Evolved:\u00a021.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,\u00a0and all subsequent releases.", "supportingMedia": [{"type": "text/html", "value": "The following software releases have been updated to resolve this specific issue:<br>Junos OS: 21.2R3-S8, 21.4R3-S7, 22.1R3-S4, 22.2R3-S4, 22.3R3, 22.4R2-S2, 22.4R3, 23.2R1, and all subsequent releases;<br>Junos OS Evolved:&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">21.2R3-S8-EVO, 21.4R3-S7-EVO, 22.2R3-S4-EVO, 22.3R3-EVO, 22.4R3-EVO, 23.2R1-EVO,&nbsp;and all subsequent releases.</span>", "base64": false}]}], "datePublic": "2024-07-10T16:00:00.000Z", "references": [{"url": "https://supportportal.juniper.net/JSA82996", "tags": ["vendor-advisory"]}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue.", "supportingMedia": [{"type": "text/html", "value": "There are no known workarounds for this issue.", "base64": false}]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n * All versions before 21.2R3-S8,\n * 21.4 versions before 21.4R3-S7,\n * 22.1 versions before 22.1R3-S4,\n * 22.2 versions before 22.2R3-S4, \n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.2-EVO versions before 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO.", "supportingMedia": [{"type": "text/html", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\n<span style=\"background-color: rgb(255, 255, 255);\">Denial-of-Service (DoS)</span>.<p><br></p><p><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">When a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">BFD session configured with authentication </span>flaps,&nbsp;</span>ppmd memory can leak. Whether the leak happens depends on a&nbsp;<span style=\"background-color: rgb(255, 255, 255);\">race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.</span></span><br><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p><span style=\"background-color: rgb(255, 255, 255);\">Whether the leak occurs can be monitored with the following CLI command:</span></p><p>&gt; show ppm request-queue<br></p><tt><span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">FPC &nbsp; &nbsp; Pending-request</span><br><span style=\"background-color: rgb(255, 255, 255);\">fpc0&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;2</span><br><span style=\"background-color: rgb(255, 255, 255);\">request-total-pending: 2</span>\n\n<br></span></tt><p><span style=\"background-color: rgb(255, 255, 255);\">where a continuously increasing number of pending requests is indicative of the leak.&nbsp;</span></p><p><span style=\"background-color: rgb(255, 255, 255);\"><br></span></p><p></p>\n\n<p>This issue affects:</p><p>Junos OS:<br></p><ul><li>All versions before 21.2R3-S8,</li><li>21.4 versions before 21.4R3-S7,</li><li>22.1 versions before 22.1R3-S4,</li><li>22.2 versions before 22.2R3-S4, </li><li>22.3 versions before 22.3R3,</li><li>22.4 versions before 22.4R2-S2, 22.4R3.</li></ul><br>Junos OS Evolved:<br><ul><li>All versions before 21.2R3-S8-EVO,</li><li>21.4-EVO versions before 21.4R3-S7-EVO,</li><li>22.2-EVO versions before 22.2R3-S4-EVO,</li><li>22.3-EVO versions before 22.3R3-EVO,</li><li>22.4-EVO versions before 22.4R3-EVO.</li></ul>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}, {"descriptions": [{"lang": "en", "description": "Denial-of-Service (DoS)"}]}], "configurations": [{"lang": "en", "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\nconfigured:\n\n[ protocols <protocol> ... bfd-liveness-detection\u00a0authentication ]\n[ routing-options ... bfd-liveness-detection authentication ]", "supportingMedia": [{"type": "text/html", "value": "To be exposed to this issue, BFD with authentication like in the following examples needs to be \n\n<span style=\"background-color: rgb(255, 255, 255);\">configured</span>:<br><br><tt>[ protocols &lt;protocol&gt; ... bfd-liveness-detection&nbsp;authentication ]<br>[ routing-options ... bfd-liveness-detection authentication ]</tt>", "base64": false}]}], "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2024-07-12T14:42:59.790Z"}}}, "cveMetadata": {"cveId": "CVE-2024-39536", "state": "PUBLISHED", "dateUpdated": "2024-07-16T19:01:50.918Z", "dateReserved": "2024-06-25T15:12:53.241Z", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "datePublished": "2024-07-11T16:13:24.485Z", "assignerShortName": "juniper"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Periodic Packet Management Daemon (ppmd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a \n\nDenial-of-Service (DoS).\n\n\nWhen a\u00a0BFD session configured with authentication flaps,\u00a0ppmd memory can leak. Whether the leak happens depends on a\u00a0race condition which is outside the attackers control. This issue only affects BFD operating in distributed aka delegated (which is the default behavior) or inline mode.\n\n\n\nWhether the leak occurs can be monitored with the following CLI command:\n\n> show ppm request-queue\n\n\nFPC \u00a0 \u00a0 Pending-request\nfpc0\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a02\nrequest-total-pending: 2\n\n\nwhere a continuously increasing number of pending requests is indicative of the leak.\u00a0\n\n\n\n\n\n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n * All versions before 21.2R3-S8,\n * 21.4 versions before 21.4R3-S7,\n * 22.1 versions before 22.1R3-S4,\n * 22.2 versions before 22.2R3-S4, \n * 22.3 versions before 22.3R3,\n * 22.4 versions before 22.4R2-S2, 22.4R3.\n\n\n\nJunos OS Evolved:\n * All versions before 21.2R3-S8-EVO,\n * 21.4-EVO versions before 21.4R3-S7-EVO,\n * 22.2-EVO versions before 22.2R3-S4-EVO,\n * 22.3-EVO versions before 22.3R3-EVO,\n * 22.4-EVO versions before 22.4R3-EVO."}, {"lang": "es", "value": "Una vulnerabilidad de liberaci\u00f3n de memoria faltante despu\u00e9s de la vida \u00fatil efectiva en Periodic Packet Management Daemon (ppmd) de Juniper Networks Junos OS y Junos OS Evolved permite que un atacante adyacente no autenticado provoque una denegaci\u00f3n de servicio (DoS). Cuando una sesi\u00f3n BFD se configura con solapas de autenticaci\u00f3n, la memoria ppmd puede perderse. Que se produzca la fuga depende de una condici\u00f3n de ejecuci\u00f3n que est\u00e1 fuera del control de los atacantes. Este problema solo afecta a BFD que opera en modo distribuido, tambi\u00e9n conocido como delegado (que es el comportamiento predeterminado) o en l\u00ednea. Si se produce la fuga se puede monitorear con el siguiente comando CLI: &gt; show ppm request-queue FPC Pending-request fpc0 2 request-total-pending: 2 donde un n\u00famero continuamente creciente de solicitudes pendientes es indicativo de la fuga. Este problema afecta a: Junos OS: * Todas las versiones anteriores a 21.2R3-S8, * Versiones 21.4 anteriores a 21.4R3-S7, * Versiones 22.1 anteriores a 22.1R3-S4, * Versiones 22.2 anteriores a 22.2R3-S4, * Versiones 22.3 anteriores a 22.3R3, * Versiones 22.4 anteriores a 22.4R2-S2, 22.4R3, * Versiones 23.1 anteriores a 23.1R2. Junos OS Evolved: * Todas las versiones anteriores a 21.2R3-S8-EVO, * Versiones 21.4-EVO anteriores a 21.4R3-S7-EVO, * Versiones 22.2-EVO anteriores a 22.2R3-S4-EVO, * Versiones 22.3-EVO anteriores a 22.3R3- EVO, *versiones 22.4-EVO anteriores a 22.4R3-EVO, *versiones 23.2-EVO anteriores a 23.2R1-EVO."}], "id": "CVE-2024-39536", "lastModified": "2024-07-12T15:15:11.040", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"attackComplexity": "LOW", "attackRequirements": "PRESENT", "attackVector": "ADJACENT", "automatable": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "baseScore": 6.0, "baseSeverity": "MEDIUM", "confidentialityRequirements": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "recovery": "NOT_DEFINED", "safety": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "subsequentSystemConfidentiality": "NONE", "subsequentSystemIntegrity": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnerabilityResponseEffort": "NOT_DEFINED", "vulnerableSystemAvailability": "HIGH", "vulnerableSystemConfidentiality": "NONE", "vulnerableSystemIntegrity": "NONE"}, "source": "sirt@juniper.net", "type": "Secondary"}]}, "published": "2024-07-11T17:15:11.190", "references": [{"source": "sirt@juniper.net", "url": "https://supportportal.juniper.net/JSA82996"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}