Cyber Posture

CVE-2024-39564

High

Published: 05 February 2025

Published
05 February 2025
Modified
26 January 2026
KEV Added
Patch
CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0034 56.8th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-39564 is a high-severity Double Free (CWE-415) vulnerability in Juniper Junos. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 43.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Timely flaw remediation through vendor patches directly eliminates the double-free vulnerability in the rpd process triggered by malformed BGP updates.

SI-16 Memory Protection partial match
prevent

Memory protection safeguards such as safe unlinking and heap integrity checks mitigate the impact of double-free conditions in the rpd daemon.

SI-10 Information Input Validation partial match
prevent

Input validation of BGP path attributes prevents malformed updates from reaching the logging mechanism that triggers the double-free.

NVD Description

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path…

more

attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS: * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.

Deeper analysisAI

CVE-2024-39564 is a double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. The issue, which is similar but distinct from CVE-2024-39549, occurs when an attacker sends a malformed BGP Path attribute update that allocates memory for logging the invalid attribute, triggering a double-free condition and causing an rpd crash. It affects Junos OS versions from 22.4 prior to 22.4R3-S4 and Junos OS Evolved versions from 22.4 prior to 22.4R3-S4-EVO.

A remote, unauthenticated attacker with network access can exploit this vulnerability by transmitting the malformed BGP update, leading to a denial of service (DoS) through the rpd process crash. The CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects its high availability impact, low attack complexity, and lack of required privileges, making it feasible for attackers able to reach BGP sessions.

Juniper's advisory JSA83011 provides details on mitigation, available at https://supportportal.juniper.net/JSA83011. Affected systems should be upgraded to Junos OS 22.4R3-S4 or later, or Junos OS Evolved 22.4R3-S4-EVO or later, to address the vulnerability.

Details

CWE(s)
CWE-415

Affected Products

juniper
junos
21.2, 21.4, 22.2, 22.3, 22.4 · ≤ 21.2
juniper
junos os evolved
21.2, 21.4, 22.2, 22.3, 22.4 · ≤ 21.2

CVEs Like This One

CVE-2026-33797Same product: Juniper Junos
CVE-2025-60003Same product: Juniper Junos
CVE-2025-59960Same product: Juniper Junos
CVE-2026-21908Same product: Juniper Junos
CVE-2026-33793Same product: Juniper Junos
CVE-2025-21598Same product: Juniper Junos
CVE-2026-21918Same product: Juniper Junos
CVE-2026-21916Same product: Juniper Junos
CVE-2025-21599Same product: Juniper Junos Os Evolved
CVE-2025-21590Same product: Juniper Junos

References