Description
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

user@junos> show task memory detail | match ted-infra
  TED-INFRA-COOKIE           25   1072     28   1184     229

user@junos> show task memory detail | match ted-infra
  TED-INFRA-COOKIE           31   1360     34   1472     307

This issue affects:

Junos OS: 

* from 23.2 before 23.2R2, 
* from 23.4 before 23.4R1-S2, 23.4R2, 
* from 24.1 before 24.1R2; 


Junos OS Evolved: 

* from 23.2 before 23.2R2-EVO, 
* from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO, 
* from 24.1 before 24.1R2-EVO.


This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.
Published: 2026-01-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Immediate Patch
AI Analysis

Impact

A missing release of memory after effective lifetime vulnerability in the routing protocol daemon (rpd) allows an unauthenticated attacker controlling a neighboring IS‑IS node to send a specially crafted update packet, causing a memory leak. Continued receipt of such packets exhausts all available memory, causing the rpd process to crash and resulting in a denial‑of‑service condition for the router.

Affected Systems

Juniper Networks Junos OS and Junos OS Evolved devices are affected. For Junos OS the issue impacts releases from 23.2 before 23.2R2, from 23.4 before 23.4R1-S2 and 23.4R2, and from 24.1 before 24.1R2. For Junos OS Evolved the affected range mirrors the Junos OS range, with the corresponding -EVO release boundaries. Devices running versions earlier than 23.2R1 or 23.2R1-EVO are not affected.

Risk and Exploitability

The severity is rated at CVSS 7.1 (High) and the EPSS score is below 1%, indicating a low probability of exploitation in the wild. Nonetheless, the vulnerability is unauthenticated and requires only that an attacker control a neighboring IS-IS node, which is relatively trivial to achieve in many environments. Because the exploit simply involves sending repeated update packets that trigger a memory leak, operators should treat this as a moderate risk until the software is patched. The vulnerability is not listed in the CISA KEV catalog as of the current data.

Generated by OpenCVE AI on April 18, 2026 at 05:58 UTC.

Remediation

Vendor Solution

The following software releases have been updated to resolve this specific issue: Junos OS: 23.2R2, 23.4R1-S2, 23.4R2, 24.1R2, 24.2R1, and all subsequent releases. Junos OS Evolved: 23.2R2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.1R2-EVO, 24.2R1-EVO, and all subsequent releases.


Vendor Workaround

There are no known workarounds for this issue.


OpenCVE Recommended Actions

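  • Upgrade Junos OS on all vulnerable devices to a fixed release: 23.2R2, 23.4R1-S2, 23.4R2, 24.1R2, 24.2R1, or any subsequent release.
  • Upgrade Junos OS Evolved on all vulnerable devices to a fixed release: 23.2R2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.1R2-EVO, 24.2R1-EVO, or any subsequent release.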
  • Limit IS‑IS adjacencies to trusted peers or remove untrusted adjacencies from routers running affected software.
  • Use the 'show task memory detail' command to monitor the rpd process memory usage and take corrective action if memory growth indicates a leak.
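
One way to automate the memory check recommended above is to compare successive captures of the 'show task memory detail | match ted-infra' output. This is an added example, not code from Juniper or OpenCVE. It assumes captures are collected at a fixed polling interval, makes no assumption about what each numeric column means, and uses a hypothetical three-sample threshold; the third capture is constructed for illustration.

```python
import re

# A data row: an allocator name followed only by integer columns.
# The CLI prompt line does not match because of the '@' and '>' characters.
ROW = re.compile(r"^\s*(?P<name>[A-Za-z][\w-]*)\s+(?P<nums>\d+(?:\s+\d+)*)\s*$")

def parse_rows(cli_output):
    """Return {allocator_name: [int, ...]} for each data row in one capture."""
    rows = {}
    for line in cli_output.splitlines():
        m = ROW.match(line)
        if m:
            rows[m.group("name")] = [int(n) for n in m.group("nums").split()]
    return rows

def growth_report(snapshots, name="TED-INFRA-COOKIE", min_samples=3):
    """Flag a row whose counters never shrink and grow at every poll."""
    series = [parse_rows(s).get(name) for s in snapshots]
    series = [s for s in series if s is not None]
    if len(series) < min_samples:  # hypothetical threshold, tune per site
        return {"status": "insufficient-data", "samples": len(series),
                "total_growth": []}
    steps = [[b - a for a, b in zip(prev, cur)]
             for prev, cur in zip(series, series[1:])]
    never_shrinks = all(d >= 0 for step in steps for d in step)
    grows_each_poll = all(any(d > 0 for d in step) for step in steps)
    status = "suspect-leak" if never_shrinks and grows_each_poll else "stable"
    total = [last - first for first, last in zip(series[0], series[-1])]
    return {"status": status, "samples": len(series), "total_growth": total}

PROMPT = "user@junos> show task memory detail | match ted-infra\n"
SNAPSHOTS = [
    # First two captures are the ones shown in the description.
    PROMPT + "  TED-INFRA-COOKIE           25   1072     28   1184     229\n",
    PROMPT + "  TED-INFRA-COOKIE           31   1360     34   1472     307\n",
    # Constructed third capture, for illustration only.
    PROMPT + "  TED-INFRA-COOKIE           40   1792     43   1904     412\n",
]

if __name__ == "__main__":
    print(growth_report(SNAPSHOTS))
```

A "suspect-leak" result on an affected release is a prompt to check which IS-IS adjacencies are active and to schedule the upgrade, not proof of exploitation on its own.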

Advisories

No advisories yet.

History

Fri, 23 Jan 2026 19:45:00 +0000

Type Values Removed Values Added
First Time appeared Juniper
Juniper junos
Juniper junos Os Evolved
CPEs cpe:2.3:o:juniper:junos:23.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:23.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.1:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos:24.1:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1-s2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.2:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1-s1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r1:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:23.4:r2:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:24.1:-:*:*:*:*:*:*
cpe:2.3:o:juniper:junos_os_evolved:24.1:r1:*:*:*:*:*:*
Vendors & Products Juniper
Juniper junos
Juniper junos Os Evolved

Fri, 16 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
First Time appeared Juniper Networks
Juniper Networks junos Os
Juniper Networks junos Os Evolved
Vendors & Products Juniper Networks
Juniper Networks junos Os
Juniper Networks junos Os Evolved

Thu, 15 Jan 2026 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 15 Jan 2026 20:30:00 +0000

Type Values Removed Values Added
Description (same text as the Description section above)
Title Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash
Weaknesses CWE-401
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

cvssV4_0

{'score': 7.1, 'vector': 'CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/R:A/V:C/RE:M/U:Green'}


MITRE

Status: PUBLISHED

Assigner: juniper

Published:

Updated: 2026-01-15T20:52:42.400Z

Reserved: 2026-01-05T17:32:48.710Z

Link: CVE-2026-21909

Vulnrichment

Updated: 2026-01-15T20:52:39.114Z

NVD

Status : Analyzed

Published: 2026-01-15T21:16:06.727

Modified: 2026-01-23T19:40:48.193

Link: CVE-2026-21909

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T06:00:08Z

Weaknesses