A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked malicious user to cause Denial of Service (DoS). In a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails to download the memory allocated to store the CRL is not released. Repeated occurrences will eventually consume all available memory and lead to an inoperable state of the affected system causing a DoS. This issue affects Juniper Networks Junos OS: All versions before 18.3R3-S6; 18.4 versions before 18.4R2-S9, 18.4R3-S10; 19.1 versions before 19.1R2-S3, 19.1R3-S7; 19.2 versions before 19.2R1-S8, 19.2R3-S4; 19.3 versions before 19.3R3-S4; 19.4 versions before 19.4R2-S5, 19.4R3-S5; 20.1 versions before 20.1R3-S1; 20.2 versions before 20.2R3-S2; 20.3 versions before 20.3R3-S1; 20.4 versions before 20.4R3; 21.1 versions before 21.1R2, 21.1R3; 21.2 versions before 21.2R1-S1, 21.2R2. This issue can be observed by monitoring the memory utilization of the pkid process via: root@jtac-srx1500-r2003> show system processes extensive | match pki 20931 root 20 0 733M 14352K select 0:00 0.00% pkid which increases over time: root@jtac-srx1500-r2003> show system processes extensive | match pki 22587 root 20 0 901M 181M select 0:03 0.00% pkid
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
juniper junos |
||
juniper junos 18.3 |
||
juniper junos 18.4 |
||
juniper junos 19.1 |
||
juniper junos 19.2 |
||
juniper junos 19.3 |
||
juniper junos 19.4 |
||
juniper junos 20.1 |
||
juniper junos 20.2 |
||
juniper junos 20.3 |
||
juniper junos 20.4 |
||
juniper junos 21.1 |
||
juniper junos 21.2 |
Vulmon