This issue only happens when jflow is configured:
[ services flow-monitoring (version-ipfix|version9) ] A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).
In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.
Thread level memory utilization for the areas where the leak occurs can be checked using the below command:
user@host> show task memory detail | match so_inso_in6 28 32 344450 11022400 344760 11032320so_in 8 16 1841629 29466064 1841734 29467744This issue affects:
Junos OS
Junos OS Evolved
This issue does not affect:
Juniper Networks Junos OS versions earlier than 21.4R1.
Juniper Networks Junos OS Evolved versions earlier than 21.4R1.
\n\n"}],"value":"\nA Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).\n\nIn a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.\n\nThread level memory utilization for the areas where the leak occurs can be checked using the below command:\n\nuser@host> show task memory detail | match so_in\nso_in6 28 32 344450 11022400 344760 11032320\nso_in 8 16 1841629 29466064 1841734 29467744\nThis issue affects:\n\nJunos OS\n\n\n\n * 21.4 versions earlier than 21.4R3;\n * 22.1 versions earlier than 22.1R3;\n * 22.2 versions earlier than 22.2R3.\n\n\n\n\nJunos OS Evolved\n\n\n\n * 21.4-EVO versions earlier than 21.4R3-EVO;\n * 22.1-EVO versions earlier than 22.1R3-EVO;\n * 22.2-EVO versions earlier than 22.2R3-EVO.\n\n\n\n\nThis issue does not affect:\n\nJuniper Networks Junos OS versions earlier than 21.4R1.\n\nJuniper Networks Junos OS Evolved versions earlier than 21.4R1.\n\n\n\n"}],"exploits":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.
"}],"value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH","confidentialityImpact":"NONE","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-401","description":"CWE-401 Missing Release of Memory after Effective Lifetime","lang":"en","type":"CWE"}]},{"descriptions":[{"description":"Denial of Service (DoS)","lang":"en"}]}],"providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2024-01-12T00:55:22.381Z"},"references":[{"tags":["vendor-advisory"],"url":"https://supportportal.juniper.net/JSA75752"},{"tags":["technical-description"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"The following software releases have been updated to resolve this specific issue:
Junos OS: 21.4R3, 22.1R3, 22.2R3, 22.3R1, and all subsequent releases.
Junos OS Evolved: 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.
"}],"value":"The following software releases have been updated to resolve this specific issue:\n\nJunos OS: 21.4R3, 22.1R3, 22.2R3, 22.3R1, and all subsequent releases.\n\nJunos OS Evolved: 21.4R3-EVO, 22.1R3-EVO, 22.2R3-EVO, 22.3R1-EVO, and all subsequent releases.\n\n"}],"source":{"advisory":"JSA75752","defect":["1681394"],"discovery":"USER"},"timeline":[{"lang":"en","time":"2024-01-10T17:00:00.000Z","value":"Initial Publication"}],"title":"Junos OS and Junos OS Evolved: In a jflow scenario continuous route churn will cause a memory leak and eventually an rpd crash","workarounds":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"Although not a workaround, it is advised to monitor the memory utilization proactively and when it reaches 85% of total RE memory, restart rpd or reboot the system.
"}],"value":"Although not a workaround, it is advised to monitor the memory utilization proactively and when it reaches 85% of total RE memory, restart rpd or reboot the system.\n\n"}],"x_generator":{"engine":"Vulnogram 0.1.0-av217"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T22:27:35.691Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://supportportal.juniper.net/JSA75752"},{"tags":["technical-description","x_transferred"],"url":"https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L"}]},{"metrics":[{"other":{"type":"ssvc","content":{"id":"CVE-2024-21611","role":"CISA Coordinator","options":[{"Exploitation":"none"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"version":"2.0.3","timestamp":"2024-01-12T15:45:51.338420Z"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-06-17T21:09:20.069Z"}}]}}