Main Vulnerability Database Vulnerabilities #VU82452

Heap-based buffer overflow in Juniper Junos OS - CVE-2022-22188

Published: April 13, 2022

Vulnerability identifier: #VU82452

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-22188

CWE-ID: CWE-122

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2022-04-Security-Bulletin-Junos-OS-QFX5100-QFX5110-QFX5120-QFX5200-QFX5210-EX4600-EX4650-Series-When-storm-control-profiling-is-enabled-and-a-device-is-under-an-active-storm-a-Heap-based-Buffer-Overflow-in-the-PFE-will-cause-a-device-hang-CVE-2022-22188

Heap-based buffer overflow in Juniper Junos OS - CVE-2022-22188

Description

Remediation

External links

Please verify you're human