CVE-2026-33780 PUBLISHED

Junos OS and Junos OS Evolved: In an EVPN-MPLS scenario churn of ESI routes causes a memory leak in l2ald

Assigner: juniper
Reserved: 23.03.2026 Published: 09.04.2026 Updated: 09.04.2026

A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS).

In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald.

Use the following command to monitor the memory consumption by l2ald:

user@device> show system process extensive | match "PID|l2ald"

This issue affects:

Junos OS:

all versions before 22.4R3-S5,
23.2 versions before 23.2R2-S3,
23.4 versions before 23.4R2-S4,
24.2 versions before 24.2R2;

Junos OS Evolved:

all versions before 22.4R3-S5-EVO,
23.2 versions before 23.2R2-S3-EVO,
23.4 versions before 23.4R2-S4-EVO,
24.2 versions before 24.2R2-EVO.

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS Score: 6.5

Attack Vector	Adjacent Network	Scope	Unchanged
Attack Complexity	Low	Confidentiality Impact	None
Privileges Required	None	Integrity Impact	None
User Interaction	None	Availability Impact	High

CVSS 3.1

CVSS Vector: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/AU:Y/RE:M
CVSS Score: 7.1

Exploitability Metrics		Vulnerable System Impact Metrics		Subsequent System Impact Metrics
Attack Vector	Adjacent	Confidentiality	None	Confidentiality	None
Attack Complexity	Low	Integrity	None	Integrity	None
Attack Requirements	None	Availability	High	Availability	Low
Privileges Required	None
User Interaction	None

CVSS 4.0

Product Status

Vendor	Juniper Networks
Product	Junos OS
Versions	Default: unaffected affected from 0 to 22.4R3-S5 (excl.) affected from 23.2 to 23.2R2-S3 (excl.) affected from 23.4 to 23.4R2-S4 (excl.) affected from 24.2 to 24.2R2 (excl.)

Vendor	Juniper Networks
Product	Junos OS Evolved
Versions	Default: unaffected affected from all version prior to to 22.4R3-S5-EVO (excl.) affected from 23.2 to 23.2R2-S3-EVO (excl.) affected from 23.4 to 23.4R2-S4-EVO (excl.) affected from 24.2 to 24.2R2-EVO (excl.)

Affected Configurations

To be exposed to this issue the device must be configured for EVPN-MPLS. Refer to product documentation for how to configure EVPN-MPLS as there are different configuration options.

Exploits

Juniper SIRT is not aware of any malicious exploitation of this vulnerability.

Workarounds

There are no known workarounds for this issue.

Solutions

The following software releases have been updated to resolve this specific issue: Junos OS Evolved: 22.4R3-S5-EVO, 23.2R2-S3-EVO, 23.4R2-S4-EVO, 24.2R2-EVO, 24.4R1-EVO, and all subsequent releases; Junos OS: 22.4R3-S5, 23.2R2-S3, 23.4R2-S4, 24.2R2, 24.4R1, and all subsequent releases.

References

https://kb.juniper.net/JSA107819

Problem Types

CWE-401 Missing Release of Memory after Effective Lifetime CWE