CVE-2026-21909

· Published 15/01/2026 21:16 · Modified 16/01/2026 15:55

Labels: CVE-2026-21909, 2026-01-15, CWE-401

Essential information

Published: 15/01/2026 21:16
Modified: 16/01/2026 15:55
CVSS: 7.1 HIGH (v3), 7.1 HIGH (v4.0)
CISA KEV: No
CWE: CWE-401

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated attacker controlling an adjacent IS-IS neighbor to send a specific update packet causing a memory leak. Continued receipt and processing of these packets will exhaust all available memory, crashing rpd and creating a Denial of Service (DoS) condition.

Memory usage can be monitored through the use of the 'show task memory detail' command. For example:

    user@junos> show task memory detail | match ted-infra
      TED-INFRA-COOKIE           25   1072     28   1184     229

    user@junos> show task memory detail | match ted-infra
      TED-INFRA-COOKIE           31   1360     34   1472     307

This issue affects:

Junos OS:
 * from 23.2 before 23.2R2,
 * from 23.4 before 23.4R1-S2, 23.4R2,
 * from 24.1 before 24.1R2;

Junos OS Evolved:
 * from 23.2 before 23.2R2-EVO,
 * from 23.4 before 23.4R1-S2-EVO, 23.4R2-EVO,
 * from 24.1 before 24.1R2-EVO.

This issue does not affect Junos OS versions before 23.2R1 or Junos OS Evolved versions before 23.2R1-EVO.
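The affected ranges above can be applied to a device inventory for patch triage. The following is an added example, not code from the advisory or from Juniper: the function names, the assumed version-string shape (`23.4R1-S1.3`, optionally ending in `-EVO`) and the sample inventory are all constructed for illustration.

```python
import re

# First fixed release per train as (R, S), from the advisory text above.
# 23.4R2 is also listed as fixed; it sorts after 23.4R1-S2, so one entry suffices.
FIRST_FIXED = {(23, 2): (2, 0), (23, 4): (1, 2), (24, 1): (2, 0)}

# Assumed string shape: 23.4R1-S1.3 or 23.4R1-S1.3-EVO (build number ignored).
_VERSION = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?(?:-EVO)?$", re.I)


def parse_version(text):
    """Return ((major, minor), (release, service)) or raise ValueError."""
    m = _VERSION.match(text.strip())
    if m is None:
        raise ValueError(f"unrecognised Junos version string: {text!r}")
    return (int(m[1]), int(m[2])), (int(m[3]), int(m[4] or 0))


def is_affected(text):
    """True when the version falls in a range the advisory lists as affected."""
    train, release = parse_version(text)
    fixed = FIRST_FIXED.get(train)
    # Trains the advisory does not list (e.g. before 23.2) are treated as not affected.
    return fixed is not None and release < fixed


def triage(inventory):
    """Split {hostname: version} into affected / not_affected / unparsed hosts."""
    result = {"affected": [], "not_affected": [], "unparsed": []}
    for host, version in sorted(inventory.items()):
        try:
            key = "affected" if is_affected(version) else "not_affected"
        except ValueError:
            key = "unparsed"  # review by hand rather than assume it is safe
        result[key].append(host)
    return result


# Constructed inventory: hostnames and versions are made up for this example.
SAMPLE_INVENTORY = {
    "core-1": "23.2R1-S2.4",
    "core-2": "23.4R1-S2.5",
    "edge-1": "23.4R1-S1.3-EVO",
    "edge-2": "24.1R2.8",
    "lab-1": "22.4R3-S4",
    "lab-2": "24.1-202401010000.0-EVO",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
```

Hosts whose version string does not parse land in `unparsed` so that they are checked manually instead of being counted as safe.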

NVD status

Status: Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.

Affected products (CPE)

Product | CPE
juniper / juniper junos os | cpe:2.3:a:juniper:juniper_junos_os:<23.2:*:*:*:*:*:*:*
juniper / juniper junos os | cpe:2.3:a:juniper:juniper_junos_os:<23.4.*:*:*:*:*:*:*
juniper / juniper junos os | cpe:2.3:a:juniper:juniper_junos_os:23.4R2:*:*:*:*:*:*
juniper / juniper junos os | cpe:2.3:a:juniper:juniper_junos_os:<24.1:*:*:*:*:*:*:*
juniper / juniper junos os evolved | cpe:2.3:a:juniper:juniper_junos_os_evolved:<23.2:*:*:*:*:*:*:*
juniper / juniper junos os evolved | cpe:2.3:a:juniper:juniper_junos_os_evolved:<23.4.*:*:*:*:*:*:*
juniper / juniper junos os evolved | cpe:2.3:a:juniper:juniper_junos_os_evolved:23.4R2-EVO:*:*:*:*:*:*
juniper / juniper junos os evolved | cpe:2.3:a:juniper:juniper_junos_os_evolved:<24.1:*:*:*:*:*:*:*