Main Vulnerability Database Vulnerabilities #VU59563

#VU59563 Memory leak in Juniper Junos OS - CVE-2022-22173

Published: January 12, 2022

Vulnerability identifier: #VU59563

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-22173

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the Public Key Infrastructure daemon (pkid). In a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails to download the memory allocated to store the CRL is not released. Repeated occurrences will eventually consume all available memory and lead to an inoperable state of the affected system causing a DoS.

Remediation

Install updates from vendor's website.

External links

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11279&cat=SIRT_1&actp=LIST

#VU59563 Memory leak in Juniper Junos OS - CVE-2022-22173

Description

Remediation

External links

Please verify you're human