216.73.216.133

CVE-2026-33780

· Published 09/04/2026 22:16 · Modified 09/04/2026 22:16

Labels: CVE-2026-33780 2026-04-09CVE-2026-33780CWE-401[email protected]

Essential information

Published
09/04/2026 22:16
Modified
09/04/2026 22:16
Author
Creator
CVSS
7.1 HIGH (v3) 7.1 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS). In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald. Use the following command to monitor the memory consumption by l2ald: user@device> show system process extensive | match "PID|l2ald" This issue affects: Junos OS: * all versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S5-EVO, * 23.2 versions before 23.2R2-S3-EVO, * 23.4 versions before 23.4R2-S4-EVO, * 24.2 versions before 24.2R2-EVO.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
juniper / junos os cpe:2.3:o:juniper:junos_os:<22.4R3-S5:*:*:*:*:*:*:*
juniper / junos os cpe:2.3:o:juniper:junos_os:23.2:<23.2R2-S3:*:*:*:*:*:*
juniper / junos os cpe:2.3:o:juniper:junos_os:23.4:<23.4R2-S4:*:*:*:*:*:*
juniper / junos os cpe:2.3:o:juniper:junos_os:24.2:<24.2R2:*:*:*:*:*:*
juniper / junos os evolved cpe:2.3:o:juniper:junos_os_evolved:<22.4R3-S5-EVO:*:*:*:*:*:*:*
juniper / junos os evolved cpe:2.3:o:juniper:junos_os_evolved:23.2:<23.2R2-S3-EVO:*:*:*:*:*:*
juniper / junos os evolved cpe:2.3:o:juniper:junos_os_evolved:23.4:<23.4R2-S4-EVO:*:*:*:*:*:*
juniper / junos os evolved cpe:2.3:o:juniper:junos_os_evolved:24.2:<24.2R2-EVO:*:*:*:*:*:*

References