Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario...

6.5 / 10

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).

In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.

Use the following command to monitor the memory consumption by l2ald:

user@device> show system process extensive | match "PID|l2ald"

This issue affects:

Junos OS:

* all versions before 22.4R3-S5,
* 23.2 versions before 23.2R2-S3,
* 23.4 versions before 23.4R2-S4,
* 24.2 versions before 24.2R2;

Junos OS Evolved:

* all versions before 22.4R3-S5-EVO,
* 23.2 versions before 23.2R2-S3-EVO,
* 23.4 versions before 23.4R2-S4-EVO,
* 24.2 versions before 24.2R2-EVO.

Basic Information

ID CVE-2026-33780

Source juniper

Published Apr 9, 2026 at 21:29

Affected Product

Vendor Juniper Networks

Product Junos OS

Affected Versions Juniper Networks Junos OS 0
Juniper Networks Junos OS 23.2
Juniper Networks Junos OS 23.4
Juniper Networks Junos OS 24.2
Juniper Networks Junos OS Evolved all version prior to
Juniper Networks Junos OS Evolved 23.2
Juniper Networks Junos OS Evolved 23.4
Juniper Networks Junos OS Evolved 24.2

CWE Classification

CWE-401

References

kb.juniper.net /JSA107819

{
    "lastseen": "",
    "description": "A Missing Release of Memory after Effective Lifetime vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).\n\n\n\nIn an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.\n\nUse the following command to monitor the memory consumption by l2ald:\n\nuser@device> show system process extensive | match \"PID|l2ald\" \n\n\n\nThis issue affects:\n\nJunos OS:\n\n\n\n  *  all versions before 22.4R3-S5,\n  *  23.2 versions before 23.2R2-S3,\n  *  23.4 versions before 23.4R2-S4,\n  *  24.2 versions before 24.2R2;\n\n\n\n\nJunos OS Evolved:\n\n\n\n  *  all versions before 22.4R3-S5-EVO,\n  *  23.2 versions before 23.2R2-S3-EVO,\n  *  23.4 versions before 23.4R2-S4-EVO,\n  *  24.2 versions before 24.2R2-EVO.",
    "published": "2026-04-09T21:29:20.534Z",
    "modified": "2026-04-09T21:29:20.534Z",
    "type": "cve",
    "title": "Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald",
    "source": "juniper",
    "references": "https://kb.juniper.net/JSA107819",
    "id": "CVE-2026-33780",
    "bulletinFamily": "",
    "cwe": [
        "CWE-401"
    ],
    "cvelist": null,
    "sourceData": "Juniper Networks Junos OS 0\nJuniper Networks Junos OS 23.2\nJuniper Networks Junos OS 23.4\nJuniper Networks Junos OS 24.2\nJuniper Networks Junos OS Evolved all version prior to\nJuniper Networks Junos OS Evolved 23.2\nJuniper Networks Junos OS Evolved 23.4\nJuniper Networks Junos OS Evolved 24.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Junos OS",
    "version": "0",
    "vendor": "Juniper Networks",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald_CVE-2026-33780