Description
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a memory leak ultimately leading to a Denial of Service (DoS). In an EVPN-MPLS scenario, routes learned from remote multi-homed Provider Edge (PE) devices are programmed as ESI routes. Due to a logic issue in the l2ald memory management, memory allocated for these routes is not released when there is churn for these routes. As a result, memory leaks in the l2ald process which will ultimately lead to a crash and restart of l2ald. Use the following command to monitor the memory consumption by l2ald: user@device> show system process extensive | match "PID|l2ald" This issue affects: Junos OS: * all versions before 22.4R3-S5, * 23.2 versions before 23.2R2-S3, * 23.4 versions before 23.4R2-S4, * 24.2 versions before 24.2R2; Junos OS Evolved: * all versions before 22.4R3-S5-EVO, * 23.2 versions before 23.2R2-S3-EVO, * 23.4 versions before 23.4R2-S4-EVO, * 24.2 versions before 24.2R2-EVO.
INFO
Published Date :
2026-04-09T21:29:20.534Z
Last Modified :
2026-04-09T21:29:20.534Z
Source :
juniper
AFFECTED PRODUCTS
The following products are affected by CVE-2026-33780 vulnerability.
| Vendors | Products |
|---|---|
| Juniper Networks |
|
REFERENCES
Here, you will find a curated list of external links that provide in-depth information to CVE-2026-33780.
| URL | Resource |
|---|---|
| https://kb.juniper.net/JSA107819 |
|