A Missing Release of Memory after Effective Lifetime vulnerability in Juniper Networks Junos OS on MX Series allows an unauthenticated adjacent attacker to cause a Denial-of-Service (DoS).

In a subscriber management scenario continuous subscriber logins will trigger a memory leak and eventually lead to an FPC crash and restart.

This issue affects Junos OS on MX Series:

• All version before 21.2R3-S6,
• 21.4 versions before 21.4R3-S6,
• 22.1 versions before 22.1R3-S5,
• 22.2 versions before 22.2R3-S3, 
• 22.3 versions before 22.3R3-S2,
• 22.4 versions before 22.4R3,
• 23.2 versions before 23.2R2.

References

• https://nvd.nist.gov/vuln/detail/CVE-2024-39539
• https://supportportal.juniper.net/JSA82999