Main Vulnerability Database Vulnerabilities #VU82483

Memory leak in Juniper Junos OS - CVE-2023-22414

Published: January 11, 2023

Vulnerability identifier: #VU82483

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-22414

CWE-ID: CWE-401

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
Juniper Junos OS

Software vendor:
Juniper Networks, Inc.

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash.

On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC memory leak is observed.

Remediation

Install updates from vendor's website.

External links

https://supportportal.juniper.net/s/article/2023-01-Security-Bulletin-Junos-OS-PTX-Series-and-QFX10000-Series-An-FPC-memory-leak-is-observed-when-specific-multicast-packets-are-processed-CVE-2023-22414

Memory leak in Juniper Junos OS - CVE-2023-22414

Description

Remediation

External links

Please verify you're human