CVE-2024-39564 (GCVE-0-2024-39564)
Vulnerability from cvelistv5 – Published: 2025-02-05 15:31 – Updated: 2025-02-26 18:16
VLAI?
Title
Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash
Summary
This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.
A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).
This issue affects:
Junos OS: * from 22.4 before 22.4R3-S4.
Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.
Severity ?
CWE
- CWE-415 - Double Free
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS |
Affected:
22.4 , < 22.4R3-S4
(semver)
|
|||||||
|
|||||||||
Credits
Juniper SIRT would like to acknowledge and thank Craig Dods (cdods@meta.com) from Meta for responsibly reporting this vulnerability.
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39564",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T18:16:33.188029Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-26T18:16:35.494Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Junos OS",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S4",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "Junos OS Evolved",
"vendor": "Juniper Networks",
"versions": [
{
"lessThan": "22.4R3-S3-EVO",
"status": "affected",
"version": "22.4",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Juniper SIRT would like to acknowledge and thank Craig Dods (cdods@meta.com) from Meta for responsibly reporting this vulnerability."
}
],
"datePublic": "2025-02-05T15:30:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.\u003cbr\u003e\u003cbr\u003eA\u0026nbsp;double-free vulnerability\u0026nbsp;in the routing process daemon (rpd) of\u0026nbsp;Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cbr\u003eJunos OS:\u0026nbsp;\u003cul\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4.\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved:\u003cul\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4-EVO.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.\n\nA\u00a0double-free vulnerability\u00a0in the routing process daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).\n\n\nThis issue affects:\n\nJunos OS:\u00a0 * from 22.4 before 22.4R3-S4.\n\n\nJunos OS Evolved: * from 22.4 before 22.4R3-S4-EVO."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "USER",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415: Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T15:31:23.063Z",
"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"shortName": "juniper"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://supportportal.juniper.net/JSA83011"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The following software releases have been updated to resolve this specific issue:\u003cbr\u003e \u003cbr\u003eJunos OS: \u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4R3-S4\u003c/span\u003e\u0026nbsp;and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\nJunos OS Evolved:\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e22.4R3-S4-EVO and all subsequent releases.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The following software releases have been updated to resolve this specific issue:\n \nJunos OS: 22.4R3-S4\u00a0and all subsequent releases.\n\n\nJunos OS Evolved:\u00a022.4R3-S4-EVO and all subsequent releases."
}
],
"source": {
"advisory": "JSA83011",
"defect": [
"1778879"
],
"discovery": "EXTERNAL"
},
"title": "Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
}
],
"value": "There are no known workarounds for this issue."
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
"assignerShortName": "juniper",
"cveId": "CVE-2024-39564",
"datePublished": "2025-02-05T15:31:23.063Z",
"dateReserved": "2024-06-25T15:12:53.249Z",
"dateUpdated": "2025-02-26T18:16:35.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2024-39564\",\"sourceIdentifier\":\"sirt@juniper.net\",\"published\":\"2025-02-05T16:15:40.270\",\"lastModified\":\"2025-02-05T16:15:40.270\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.\\n\\nA\u00a0double-free vulnerability\u00a0in the routing process daemon (rpd) of\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).\\n\\n\\nThis issue affects:\\n\\nJunos OS:\u00a0 * from 22.4 before 22.4R3-S4.\\n\\n\\nJunos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.\"},{\"lang\":\"es\",\"value\":\"Esta es una vulnerabilidad similar, pero diferente al problema informado como CVE-2024-39549. Una vulnerabilidad de doble liberaci\u00f3n en el demonio de proceso de enrutamiento (rpd) de Juniper Networks Junos OS y Junos OS Evolved permite a un atacante enviar una actualizaci\u00f3n de atributo de ruta BGP mal formada que asigna memoria utilizada para registrar el atributo de ruta incorrecta. Esta doble liberaci\u00f3n de memoria est\u00e1 causando un bloqueo de rpd, lo que lleva a una denegaci\u00f3n de servicio (DoS). Este problema afecta a: Junos OS: * desde 22.4 antes de 22.4R3-S4. Junos OS Evolved: * desde 22.4 antes de 22.4R3-S4-EVO.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"NONE\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"HIGH\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"LOW\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"USER\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}],\"cvssMetricV31\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"sirt@juniper.net\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"references\":[{\"url\":\"https://supportportal.juniper.net/JSA83011\",\"source\":\"sirt@juniper.net\"}]}}",
"vulnrichment": {
"containers": "{\"cna\": {\"affected\": [{\"defaultStatus\": \"unaffected\", \"product\": \"Junos OS\", \"vendor\": \"Juniper Networks\", \"versions\": [{\"lessThan\": \"22.4R3-S4\", \"status\": \"affected\", \"version\": \"22.4\", \"versionType\": \"semver\"}]}, {\"defaultStatus\": \"unaffected\", \"product\": \"Junos OS Evolved\", \"vendor\": \"Juniper Networks\", \"versions\": [{\"lessThan\": \"22.4R3-S3-EVO\", \"status\": \"affected\", \"version\": \"22.4\", \"versionType\": \"semver\"}]}], \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"Juniper SIRT would like to acknowledge and thank Craig Dods (cdods@meta.com) from Meta for responsibly reporting this vulnerability.\"}], \"datePublic\": \"2025-02-05T15:30:00.000Z\", \"descriptions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.\u003cbr\u003e\u003cbr\u003eA\u0026nbsp;double-free vulnerability\u0026nbsp;in the routing process daemon (rpd) of\u0026nbsp;Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).\u003cbr\u003e\u003cbr\u003e\u003cbr\u003eThis issue affects:\u003cbr\u003e\u003cbr\u003eJunos OS:\u0026nbsp;\u003cul\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4.\u003c/li\u003e\u003c/ul\u003eJunos OS Evolved:\u003cul\u003e\u003cli\u003efrom 22.4 before 22.4R3-S4-EVO.\u003c/li\u003e\u003c/ul\u003e\"}], \"value\": \"This is a similar, but different vulnerability than the issue reported as CVE-2024-39549.\\n\\nA\\u00a0double-free vulnerability\\u00a0in the routing process daemon (rpd) of\\u00a0Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS).\\n\\n\\nThis issue affects:\\n\\nJunos OS:\\u00a0 * from 22.4 before 22.4R3-S4.\\n\\n\\nJunos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.\"}], \"exploits\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\"}], \"value\": \"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\"}], \"metrics\": [{\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}, {\"cvssV4_0\": {\"Automatable\": \"NOT_DEFINED\", \"Recovery\": \"USER\", \"Safety\": \"NOT_DEFINED\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"attackVector\": \"NETWORK\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"providerUrgency\": \"NOT_DEFINED\", \"subAvailabilityImpact\": \"LOW\", \"subConfidentialityImpact\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"valueDensity\": \"NOT_DEFINED\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/R:U\", \"version\": \"4.0\", \"vulnAvailabilityImpact\": \"HIGH\", \"vulnConfidentialityImpact\": \"NONE\", \"vulnIntegrityImpact\": \"NONE\", \"vulnerabilityResponseEffort\": \"NOT_DEFINED\"}, \"format\": \"CVSS\", \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-415\", \"description\": \"CWE-415: Double Free\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"providerMetadata\": {\"orgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"shortName\": \"juniper\", \"dateUpdated\": \"2025-02-05T15:31:23.063Z\"}, \"references\": [{\"tags\": [\"vendor-advisory\"], \"url\": \"https://supportportal.juniper.net/JSA83011\"}], \"solutions\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"The following software releases have been updated to resolve this specific issue:\u003cbr\u003e \u003cbr\u003eJunos OS: \u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e22.4R3-S4\u003c/span\u003e\u0026nbsp;and all subsequent releases.\u003cbr\u003e\u003cbr\u003e\\nJunos OS Evolved:\u0026nbsp;\u003cspan style=\\\"background-color: rgb(255, 255, 255);\\\"\u003e22.4R3-S4-EVO and all subsequent releases.\u0026nbsp;\u003c/span\u003e\u003cbr\u003e\"}], \"value\": \"The following software releases have been updated to resolve this specific issue:\\n \\nJunos OS: 22.4R3-S4\\u00a0and all subsequent releases.\\n\\n\\nJunos OS Evolved:\\u00a022.4R3-S4-EVO and all subsequent releases.\"}], \"source\": {\"advisory\": \"JSA83011\", \"defect\": [\"1778879\"], \"discovery\": \"EXTERNAL\"}, \"title\": \"Junos OS and Junos OS Evolved: Receipt of malformed BGP path attributes leads to RPD crash\", \"workarounds\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e\"}], \"value\": \"There are no known workarounds for this issue.\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-39564\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-26T18:16:33.188029Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-05T15:41:11.372Z\"}}]}",
"cveMetadata": "{\"cveId\": \"CVE-2024-39564\", \"assignerOrgId\": \"8cbe9d5a-a066-4c94-8978-4b15efeae968\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"juniper\", \"dateReserved\": \"2024-06-25T15:12:53.249Z\", \"datePublished\": \"2025-02-05T15:31:23.063Z\", \"dateUpdated\": \"2025-02-26T18:16:35.494Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…