Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-bnjm-gky9-yufe
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS).

In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd.

Thread level memory utilization for the areas where the leak occurs can be checked using the below command:

user@host> show task memory detail | match so_in
so_in6 28 32 344450 11022400 344760 11032320
so_in 8 16 1841629 29466064 1841734 29467744
This issue affects:

Junos OS



  *  21.4 versions earlier than 21.4R3;
  *  22.1 versions earlier than 22.1R3;
  *  22.2 versions earlier than 22.2R3.




Junos OS Evolved



  *  21.4-EVO versions earlier than 21.4R3-EVO;
  *  22.1-EVO versions earlier than 22.1R3-EVO;
  *  22.2-EVO versions earlier than 22.2R3-EVO.




This issue does not affect:

Juniper Networks Junos OS versions earlier than 21.4R1.

Juniper Networks Junos OS Evolved versions earlier than 21.4R1.
Aliases
0
alias CVE-2024-21611
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-21611
reference_id
reference_type
scores
0
value 0.00242
scoring_system epss
scoring_elements 0.47865
published_at 2026-06-14T12:55:00Z
1
value 0.00242
scoring_system epss
scoring_elements 0.47722
published_at 2026-06-11T12:55:00Z
2
value 0.00242
scoring_system epss
scoring_elements 0.47863
published_at 2026-06-12T12:55:00Z
3
value 0.00242
scoring_system epss
scoring_elements 0.4788
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-21611
1
reference_url https://supportportal.juniper.net/JSA75752
reference_id JSA75752
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-12T15:45:51Z/
url https://supportportal.juniper.net/JSA75752
2
reference_url https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
reference_id SA:L
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-12T15:45:51Z/
url https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L
Weaknesses
0
cwe_id 401
name Missing Release of Memory after Effective Lifetime
description The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.
Exploits
Severity_range_score7.5 - 7.5
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-bnjm-gky9-yufe