6.5
/ 10
MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memory leak, that will eventually cause a complete Denial-of-Service (DoS).
In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.
The memory usage of jdhcpd can be monitored with:
user@host> show system processes extensive | match jdhcpd
This issue affects Junos OS:
* all versions before 22.4R3-S1,
* 23.2 versions before 23.2R2,
* 23.4 versions before 23.4R2.
In a DHCPv6 over PPPoE, or DHCPv6 over VLAN with Active lease query or Bulk lease query scenario, every subscriber logout will leak a small amount of memory. When all available memory has been exhausted, jdhcpd will crash and restart which causes a complete service impact until the process has recovered.
The memory usage of jdhcpd can be monitored with:
user@host> show system processes extensive | match jdhcpd
This issue affects Junos OS:
* all versions before 22.4R3-S1,
* 23.2 versions before 23.2R2,
* 23.4 versions before 23.4R2.
Basic Information
ID
CVE-2026-33782
Source
juniper
Published
Apr 9, 2026 at 21:29
Affected Product
Vendor
Juniper Networks
Product
Junos OS
Affected Versions
Juniper Networks Junos OS 0
Juniper Networks Junos OS 23.2
Juniper Networks Junos OS 23.4
Juniper Networks Junos OS 23.2
Juniper Networks Junos OS 23.4