CVE-2026-33775
Memory Leak in Juniper bbe-smgd Causes Denial of Service
Publication date: 2026-04-09
Last updated on: 2026-04-17
Assigner: Juniper Networks, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 23.2 |
| juniper | junos | 22.4 |
| juniper | junos | 23.2 |
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 23.2 |
| juniper | junos | 23.2 |
| juniper | junos | 23.4 |
| juniper | junos | 23.4 |
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 23.4 |
| juniper | junos | 23.2 |
| juniper | junos | 24.2 |
| juniper | junos | 24.2 |
| juniper | junos | 23.4 |
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 23.2 |
| juniper | junos | 23.2 |
| juniper | junos | 23.4 |
| juniper | junos | 23.4 |
| juniper | junos | 23.4 |
| juniper | junos | 23.4 |
| juniper | junos | 24.2 |
| juniper | junos | 24.2 |
| juniper | junos | to 22.4 (exc) |
| juniper | junos | 22.4 |
| juniper | junos | 22.4 |
| juniper | junos | 23.2 |
| juniper | junos | 23.2 |
| juniper | junos | 23.4 |
| juniper | junos | 24.2 |
| juniper | junos | 24.4 |
| juniper | junos | 24.4 |
| juniper | junos | 24.4 |
| juniper | junos | 24.4 |
| juniper | junos | 24.2 |
| juniper | junos | 23.4 |
| juniper | junos | 25.2 |
| juniper | junos | 25.2 |
| juniper | junos | 25.2 |
| juniper | junos | 25.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-401 | The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Missing Release of Memory after Effective Lifetime issue in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series devices.
It occurs when the authentication packet-type option is configured and a received packet does not match that packet type, causing a memory leak.
As memory is consumed and not released properly, eventually all available memory for bbe-smgd is exhausted.
When this happens, no new subscribers can log in, resulting in a Denial of Service (DoS).
How can this vulnerability impact me? :
An adjacent, unauthenticated attacker can exploit this vulnerability to cause a Denial of Service (DoS) on Junos OS MX Series devices.
By sending packets that do not match the configured authentication packet-type, the attacker triggers a memory leak in the bbe-smgd daemon.
Once the daemon's memory is exhausted, no new subscribers will be able to log in, potentially disrupting network services and connectivity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
The memory utilization of the bbe-smgd daemon can be monitored using the following command:
- show system processes extensive | match bbe-smgd
Additionally, you can look for the following log message which indicates that the memory limit has been reached:
- bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, monitor the memory utilization of the bbe-smgd process using the command: show system processes extensive | match bbe-smgd.
Be alert for the log message indicating memory exhaustion: bbesmgd[<PID>]: %DAEMON-3-SMD_DPROF_RSMON_ERROR: Resource unavailability, Reason: Daemon Heap Memory exhaustion.
Upgrade Junos OS on MX Series to a fixed version that addresses this issue. The affected versions are all versions before 22.4R3-S8, 23.2 versions before 23.2R2-S5, 23.4 versions before 23.4R2-S6, 24.2 versions before 24.2R2-S2, 24.4 versions before 24.4R2, and 25.2 versions before 25.2R2.