CVE-2024-39564
Published: 05 February 2025
Summary
CVE-2024-39564 is a high-severity Double Free (CWE-415) vulnerability in Juniper Junos. Its CVSS base score is 8.7 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 42.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2024-39564 is a double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved. The issue, which is similar but distinct from CVE-2024-39549, occurs when an attacker sends a malformed BGP Path attribute update that allocates memory for logging the invalid attribute, triggering a double-free condition and causing an rpd crash. It affects Junos OS versions from 22.4 prior to 22.4R3-S4 and Junos OS Evolved versions from 22.4 prior to 22.4R3-S4-EVO.
A remote, unauthenticated attacker with network access can exploit this vulnerability by transmitting the malformed BGP update, leading to a denial of service (DoS) through the rpd process crash. The CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) reflects its high availability impact, low attack complexity, and lack of required privileges, making it feasible for attackers able to reach BGP sessions.
Juniper's advisory JSA83011 provides details on mitigation, available at https://supportportal.juniper.net/JSA83011. Affected systems should be upgraded to Junos OS 22.4R3-S4 or later, or Junos OS Evolved 22.4R3-S4-EVO or later, to address the vulnerability.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-38352
Vulnerability details
This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path…
more
attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS: * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Malformed BGP update triggers double-free crash in rpd, directly enabling application exploitation for endpoint DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Timely flaw remediation through vendor patches directly eliminates the double-free vulnerability in the rpd process triggered by malformed BGP updates.
Memory protection safeguards such as safe unlinking and heap integrity checks mitigate the impact of double-free conditions in the rpd daemon.
Input validation of BGP path attributes prevents malformed updates from reaching the logging mechanism that triggers the double-free.