Memory leak in Juniper Junos OS - CVE-2023-22414

 

Memory leak in Juniper Junos OS - CVE-2023-22414

Published: January 11, 2023


Vulnerability identifier: #VU82483
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-22414
CWE-ID: CWE-401
Exploitation vector: Adjecent network
Exploit availability: No public exploit available
Vendor: Juniper Networks, Inc.
Affected software:
Juniper Junos OS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash.

 On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC memory leak is observed.


How to mitigate CVE-2023-22414

Install updates from vendor's website.

Sources