What is the severity of CVE-2024-39518?

CVE-2024-39518 has been assigned a high severity rating due to its potential to cause a Denial of Service (DoS).

How do I fix CVE-2024-39518?

To fix CVE-2024-39518, upgrade to the latest recommended version of Junos OS that resolves this vulnerability as indicated by Juniper Networks.

Which platforms are affected by CVE-2024-39518?

CVE-2024-39518 affects Juniper Networks Junos OS on MX240, MX480, and MX960 platforms using MPC10E.

What are the symptoms of CVE-2024-39518?

The symptoms of CVE-2024-39518 include steady increases in memory utilization, ultimately leading to a Denial of Service.

Is CVE-2024-39518 currently being exploited in the wild?

As of now, there are no confirmed reports of exploitation of CVE-2024-39518 in the wild.

Vulnerability/
CVE-2024-39518

high

8.7

CWE

122 119 787

10/7/2024

3/3/2025

CVE-2024-39518: Junos OS: MX240, MX480, MX960 platforms using MPC10E: Memory leak will be observed when subscribed to a specific subscription on Junos Telemetry Interface

First published: Wed Jul 10 2024(Updated: )

A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS). When the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning. This issue is only seen when telemetry subscription is active. The Heap memory utilization can be monitored using the following command: > show system processes extensive The following command can be used to monitor the memory utilization of the specific sensor > show system info | match sensord PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32 This issue affects Junos OS: * from 21.2R3-S5 before 21.2R3-S7, * from 21.4R3-S4 before 21.4R3-S6, * from 22.2R3 before 22.2R3-S4, * from 22.3R2 before 22.3R3-S2, * from 22.4R1 before 22.4R3, * from 23.2R1 before 23.2R2.

Credit: sirt@juniper.net

Affected Software	Affected Version	How to fix
All of
Any of
Junos OS Evolved	=21.2-r3-s5
Junos OS Evolved	=21.2-r3-s6
Junos OS Evolved	=21.4-r3-s4
Junos OS Evolved	=21.4-r3-s5
Junos OS Evolved	=22.2-r3
Junos OS Evolved	=22.2-r3-s1
Junos OS Evolved	=22.2-r3-s2
Junos OS Evolved	=22.2-r3-s3
Junos OS Evolved	=22.3-r2
Junos OS Evolved	=22.3-r2-s1
Junos OS Evolved	=22.3-r2-s2
Junos OS Evolved	=22.3-r3
Junos OS Evolved	=22.3-r3-s1
Junos OS Evolved	=22.4-r1
Junos OS Evolved	=22.4-r1-s1
Junos OS Evolved	=22.4-r1-s2
Junos OS Evolved	=22.4-r2
Junos OS Evolved	=22.4-r2-s1
Junos OS Evolved	=22.4-r2-s2
Junos OS Evolved	=23.2-r1
Junos OS Evolved	=23.2-r1-s1
Junos OS Evolved	=23.2-r1-s2
Any of
Juniper MX240
Juniper MX480
Juniper MX960
Juniper JUNOS	>=21.2R3-S5<21.2R3-S7>=21.4R3-S4<21.4R3-S6>=22.2R3<22.2R3-S4>=22.3R2<22.3R3-S2>=22.4R1<22.4R3>=23.2R1<23.2R2

Remedy

The following software releases have been updated to resolve this specific issue: 20.4R3-S10, 21.2R3-S7, 21.4R3-S6, 22.2R3-S3, 22.2R3-S4, 22.3R3-S2, 22.4R3, 23.2R2, 23.4R1, 23.4R2, and all subsequent releases.

Never miss a vulnerability like this again

Reference Links

https://supportportal.juniper.net/JSA82982

Frequently Asked Questions

What is the severity of CVE-2024-39518?
CVE-2024-39518 has been assigned a high severity rating due to its potential to cause a Denial of Service (DoS).
How do I fix CVE-2024-39518?
To fix CVE-2024-39518, upgrade to the latest recommended version of Junos OS that resolves this vulnerability as indicated by Juniper Networks.
Which platforms are affected by CVE-2024-39518?
CVE-2024-39518 affects Juniper Networks Junos OS on MX240, MX480, and MX960 platforms using MPC10E.
What are the symptoms of CVE-2024-39518?
The symptoms of CVE-2024-39518 include steady increases in memory utilization, ultimately leading to a Denial of Service.
Is CVE-2024-39518 currently being exploited in the wild?
As of now, there are no confirmed reports of exploitation of CVE-2024-39518 in the wild.

agent/remedy
agent/references
agent/title
agent/first-publish-date
agent/type
agent/description
agent/author
agent/severity
collector/mitre-cve
source/MITRE
agent/source
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/weakness
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/event
collector/nvd-api
source/NVD
vendor/juniper networks
canonical/juniper junos
vendor/juniper
canonical/junos os evolved
version/junos os evolved/21.2-r3-s5
version/junos os evolved/21.2-r3-s6
version/junos os evolved/21.4-r3-s4
version/junos os evolved/21.4-r3-s5
version/junos os evolved/22.2-r3
version/junos os evolved/22.2-r3-s1
version/junos os evolved/22.2-r3-s2
version/junos os evolved/22.2-r3-s3
version/junos os evolved/22.3-r2
version/junos os evolved/22.3-r2-s1
version/junos os evolved/22.3-r2-s2
version/junos os evolved/22.3-r3
version/junos os evolved/22.3-r3-s1
version/junos os evolved/22.4-r1
version/junos os evolved/22.4-r1-s1
version/junos os evolved/22.4-r1-s2
version/junos os evolved/22.4-r2
version/junos os evolved/22.4-r2-s1
version/junos os evolved/22.4-r2-s2
version/junos os evolved/23.2-r1
version/junos os evolved/23.2-r1-s1
version/junos os evolved/23.2-r1-s2
canonical/juniper mx240
canonical/juniper mx480
canonical/juniper mx960