CVE-2024-39564

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-415
View all →

Vulnerability Description

This is a similar, but different vulnerability than the issue reported as CVE-2024-39549. A double-free vulnerability in the routing process daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a malformed BGP Path attribute update which allocates memory used to log the bad path attribute. This double free of memory is causing an rpd crash, leading to a Denial of Service (DoS). This issue affects: Junos OS: * from 22.4 before 22.4R3-S4. Junos OS Evolved: * from 22.4 before 22.4R3-S4-EVO.

Related Vulnerabilities

CVE-2005-0891

HIGH
CVSS:7.5(High)

Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

CWE-4152005

CVE-2011-2335

HIGH
CVSS:7.5(High)

A double-free vulnerability exists in WebKit in Google Chrome before Blink M12 in the WebCore::CSSSelector function.

CWE-4152011

CVE-2015-5177

HIGH
CVSS:7.5(High)

Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package.

CWE-4152015

CVE-2016-9969

HIGH
CVSS:7.5(High)

In libwebp 0.5.1, there is a double free bug in libwebpmux.

CWE-4152016

CVE-2017-18594

HIGH
CVSS:7.5(High)

nse_libssh2.cc in Nmap 7.70 is subject to a denial of service condition due to a double free when an SSH connection fails, as demonstrated by a leading \n character to ssh-brute.nse or ssh-auth-method...

CWE-4152017

CVE-2017-5836

HIGH
CVSS:7.5(High)

The plist_free_data function in plist.c in libplist allows attackers to cause a denial of service (crash) via vectors involving an integer node that is treated as a PLIST_KEY and then triggers an inva...

CWE-4152017