An Uncontrolled Resource Consumption vulnerability in the 

Layer 2 Address Learning Daemon (l2ald)

 of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).

Certain MAC table updates cause a small amount of memory to leak.  Once memory utilization reaches its limit, the issue will result in a system crash and restart.

To identify the issue, execute the CLI command:
 
user@device> show platform application-info allocations app l2ald-agent
EVL Object Allocation Statistics:
 
 Node    Application       Context   Name                                 Live     Allocs     Fails       Guids
 re0     l2ald-agent                 net::juniper::rtnh::L2Rtinfo         1069096  1069302    0           1069302
 re0     l2ald-agent                 net::juniper::rtnh::NHOpaqueTlv       114      195        0           195



This issue affects Junos OS Evolved: 


  *  All versions before 21.4R3-S8-EVO,

  *  from 22.2-EVO before 22.2R3-S4-EVO, 
  *  from 22.3-EVO before 22.3R3-S3-EVO, 
  *  from 22.4-EVO before 22.4R3-EVO, 
  *  from 23.2-EVO before 23.2R2-EVO.

Juniper Networks, Inc. CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X

Juniper Networks, Inc. AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Juniper Networks, Inc. CWE-400

Juniper Networks, Inc. https://supportportal.juniper.net/JSA83017 [No types assigned]