Junos OS: MX Series with SPC3 line card: Port flaps causes rtlogd memory leak leading to Denial of Service

A Missing Release of Memory after Effective Lifetime vulnerability in the rtlogd process of Juniper Networks Junos OS on MX Series with SPC3 allows an unauthenticated, adjacent attacker to trigger internal events cause ( which can be done by repeated port flaps) to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting rtlogd process.  The memory usage can be monitored using the below command.     user@host> show system processes extensive | match rtlog  This issue affects Junos OS on MX Series with SPC3 line card:  * from 21.2R3 before 21.2R3-S8,  * from 21.4R2 before 21.4R3-S6,  * from 22.1 before 22.1R3-S5,  * from 22.2 before 22.2R3-S3,  * from 22.3 before 22.3R3-S2,  * from 22.4 before 22.4R3-S1,  * from 23.2 before 23.2R2,  * from 23.4 before 23.4R2.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

在移除最后引用时对内存的释放不恰当(内存泄露)

Juniper Networks Junos OS 安全漏洞

Juniper Networks Junos OS是美国瞻博网络（Juniper Networks）公司的一套专用于该公司的硬件设备的网络操作系统。该操作系统提供了安全编程接口和Junos SDK。 Juniper Networks Junos OS存在安全漏洞，该漏洞源于存在有效生命周期后内存释放缺失漏洞，允许未经身份验证的相邻攻击者导致拒绝服务(DoS)。

N/A

N/A