Main Vulnerability Database Vulnerabilities #VU68366

Memory leak in Juniper Junos OS - CVE-2022-22228

Published: October 17, 2022

Vulnerability identifier: #VU68366

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-22228

CWE-ID: CWE-401

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the routing protocol daemon (rpd). A remote attacker can send specially crafted IPv6 packets to any configured IPv6 address on the device, trigger RPD memory leak and perform denial of service attack.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-On-IPv6-OAM-SRv6-network-enabled-devices-an-attacker-sending-a-specific-genuine-packet-to-an-IPv6-address-configured-on-the-device-may-cause-a-RPD-memory-leak-leading-to-an-RPD-core-CVE-2022-22228

Memory leak in Juniper Junos OS - CVE-2022-22228

Description

Remediation

External links

Please verify you're human