216.73.216.233

CVE-2026-33782

· Published 09/04/2026 22:16 · Modified 09/04/2026 22:16

Labels: CVE-2026-33782 2026-04-09CVE-2026-33782CWE-401[email protected]

Essential information

Published
09/04/2026 22:16
Modified
09/04/2026 22:16
Author
Creator
CVSS
8.7 HIGH (v3) 8.7 HIGH (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS). In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered. The memory usage of jdhcpd can be monitored with: user@host> show system processes extensive | match jdhcpd This issue affects Junos OS: * all versions before 22.4R3-S1, * 23.2 versions before 23.2R2, * 23.4 versions before 23.4R2.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
juniper networks / junos os cpe:2.3:o:juniper_networks:junos_os:<22.4R3-S1:*:*:*:*:*:*:*
juniper networks / junos os cpe:2.3:o:juniper_networks:junos_os:<23.2:R2:*:*:*:*:*:*:*
juniper networks / junos os cpe:2.3:o:juniper_networks:junos_os:<23.4:R2:*:*:*:*:*:*:*

References