I. CVE-2026-21909 Basic Information
Vulnerability information
# Junos OS IS-IS memory leak leads to RPD crash

N/A

Shenlong's assessment

Web-class vulnerability: Unknown

Reasoning:

N/A
Vulnerability title
Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash
Source: U.S. National Vulnerability Database (NVD)
Vulnerability description
A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

    user@junos> show task memory detail | match ted-infra
      TED-INFRA-COOKIE           25   1072     28   1184     229
    user@junos> show task memory detail | match ted-infra
      TED-INFRA-COOKIE           31   1360     34   1472     307

This issue affects:

Junos OS:
  * from 23.2 before 23.2R2,
  * from 23.4 before 23.4R1-S2, 23.4R2,
  * from 24.1 before 24.1R2;

Junos OS Evolved:
  * from 23.2 before 23.2R2-EVO,
  * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,
  * from 24.1 before 24.1R2-EVO.

This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.
Source: U.S. National Vulnerability Database (NVD)
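The monitoring step in the description above can be automated. The following is an added example, not code from Juniper or NVD: it parses repeated captures of the quoted command and flags allocators whose counters grow in every interval. The counters are compared by position only, since the page does not name the columns; the third capture, the `TED-INFRA-EXAMPLE` rows and the function names are constructed for illustration.

```python
import re

# First two captures are the ones quoted in the description; the third capture
# and the TED-INFRA-EXAMPLE rows are constructed here for illustration.
CAPTURES = """\
user@junos> show task memory detail | match ted-infra
  TED-INFRA-COOKIE           25   1072     28   1184     229
  TED-INFRA-EXAMPLE          10    400     12    480      96
user@junos> show task memory detail | match ted-infra
  TED-INFRA-COOKIE           31   1360     34   1472     307
  TED-INFRA-EXAMPLE          10    400     12    480      96
user@junos> show task memory detail | match ted-infra
  TED-INFRA-COOKIE           40   1792     43   1904     421
  TED-INFRA-EXAMPLE           9    360     12    480      96
"""

# An allocator row: a name followed by one or more integer counters.
ROW = re.compile(r"^\s*([A-Za-z][\w-]*)((?:\s+\d+)+)\s*$")

def parse_captures(text):
    """Split pasted CLI output into one {name: counters} dict per command run."""
    samples = []
    for line in text.splitlines():
        if "show task memory detail" in line:   # prompt line starts a new sample
            samples.append({})
            continue
        m = ROW.match(line)
        if m and samples:
            samples[-1][m.group(1)] = tuple(int(n) for n in m.group(2).split())
    return samples

def leak_suspects(samples, min_samples=3):
    """Return {name: first-to-last deltas} for allocators that grow in every
    interval and never shrink in any column (an rpd restart breaks the trend)."""
    if len(samples) < max(min_samples, 2):
        return {}                                # too few points to call a trend
    suspects = {}
    for name in sorted(set.intersection(*map(set, samples))):
        series = [s[name] for s in samples]
        if len({len(row) for row in series}) != 1:
            continue                             # column layout changed; skip
        steps = zip(series, series[1:])
        if all(cur != prev and all(b >= a for a, b in zip(prev, cur))
               for prev, cur in steps):
            suspects[name] = tuple(b - a for a, b in zip(series[0], series[-1]))
    return suspects

if __name__ == "__main__":
    for name, deltas in leak_suspects(parse_captures(CAPTURES)).items():
        print(f"{name}: counters grew by {deltas} across all samples")
```

Requiring several samples before flagging avoids alerting on ordinary allocation churn; the sampling interval and threshold are left to the operator.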
CVSS information
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
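Source: U.S. National Vulnerability Database (NVD)
Vulnerability type
Improper Release of Memory Before Removing Last Reference (Memory Leak)
Source: U.S. National Vulnerability Database (NVD)
Vulnerability title
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved security vulnerability
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability description
Juniper Networks Junos OS and Juniper Networks Junos OS Evolved are both products of Juniper Networks, a U.S. company. Juniper Networks Junos OS is a network operating system dedicated to the company's hardware devices. The operating system provides a secure programming interface and the Junos SDK. Juniper Networks Junos OS Evolved is an upgraded version of Junos OS. Juniper Networks Junos OS and Juniper Network
Source: China National Vulnerability Database of Information Security (CNNVD)
CVSS information
N/A
Source: China National Vulnerability Database of Information Security (CNNVD)
Vulnerability type
Other
Source: China National Vulnerability Database of Information Security (CNNVD)
II. Public PoCs for CVE-2026-21909
# | PoC description | Source link | Shenlong link
III. Intelligence on CVE-2026-21909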
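  • Title: 2026-01 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash (CVE-2026-21909) -- 🔗 Source link

    Tags: vendor-advisory

    Shenlong quick read:
    ## Key vulnerability information
    
    ### Vulnerability description
    - **CVE ID**: CVE-2026-21909
    - **Title**: 2026-01 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash
    
    ### Affected products
    - **Junos OS**: 23.2, 23.4, 24.1
    - **Junos OS Evolved**: 23.2, 23.4, 24.1
    
    ### Problem description
    - **Memory leak**: A missing release of memory in the routing protocol daemon (RPD) allows an unauthenticated attacker to cause a memory leak by sending a specific IS-IS update packet. Continued receipt and processing of these packets will exhaust all available memory, crashing RPD and creating a Denial of Service (DoS) condition.
    
    ### Related command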
    ```bash
    show task memory detail | match ted-infra-ISIS-ADJACENCY-COOKIES
    ```
    
    ### Solution
    - **Junos OS**: 23.2R2, 23.4R1-S2, 23.4R2, 24.1R2, 24.2R1 and subsequent releases
    - **Junos OS Evolved**: 23.2R2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.1R2-EVO, 24.2R1-EVO and subsequent releases
    
    ### Severity assessment
    - **CVSS v3.1**: 6.5
    - **CVSS v4.0**: 7.1
    
    ### Workarounds
    - **No known workarounds**
    
    ### Fix tracking
    - **Related ticket**: 1793982
    
    ### Risk assessment
    - **Medium severity**
                                            
  • Title: 2026-01 Security Bulletin: Junos OS and Junos OS Evolved: Receipt of specific IS-IS update packet causes memory leak leading to RPD crash (CVE-2026-21909) -- 🔗 Source link

    Tags: vendor-advisory

    Shenlong quick read:
    ## 2026-01 Security Bulletin: Junos OS and Junos OS Evolved Memory Leak Vulnerability (CVE-2026-21909)
    
    ### Key Information
    
    - **Affected Products:**
      - Junos OS: 23.2, 23.4, 24.1
      - Junos OS Evolved: 23.2, 23.4, 24.1
    
    - **Severity:**
      - CVSSv3.1: 6.5
      - CVSSv4.0: 7.1
    
    - **Problem:**
      - Memory leak in the routing protocol daemon (rpd) due to IS-IS update packet processing, leading to RPD crash and potential Denial of Service (DoS).
    
    - **Solution:**
      - Apply the following software releases:
        - Junos OS: 23.2R2, 23.4R1-S2, 23.4R2, 24.1R2, 24.2R1, and all subsequent releases.
        - Junos OS Evolved: 23.2R2-EVO, 23.4R1-S2-EVO, 23.4R2-EVO, 24.1R2-EVO, 24.2R1-EVO, and all subsequent releases.
    
    - **Tracking ID:**
      - 1793982
                                            
  • https://nvd.nist.gov/vuln/detail/CVE-2026-21909