Memory leak in Junos OS pkid



Published: 2022-01-12
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2022-22173
CWE-ID CWE-401
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Juniper Junos OS
Operating systems & Components / Operating system

Vendor Juniper Networks, Inc.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Memory leak

EUVDB-ID: #VU59563

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-22173

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the Public Key Infrastructure daemon (pkid). In a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails to download the memory allocated to store the CRL is not released. Repeated occurrences will eventually consume all available memory and lead to an inoperable state of the affected system causing a DoS.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Juniper Junos OS: 18.3 - 21.2R1-S2

External links

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA11279&cat=SIRT_1&actp=LIST


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###