CVE-2022-22153Inefficient Algorithmic Complexity in Networks Junos OS

CWE-407Inefficient Algorithmic ComplexityCWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 19
Latest updateJan 20

Description

An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss. If transit traffic includes a significant percentage (> 5%) of fragmented packets which need to be reassembled, high latency or packet drops might be observed. T

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_osunspecified18.2R3+4
NVDjuniper/junos< 18.2+5

🔴Vulnerability Details

2
GHSA
GHSA-q67g-rxmw-649c: An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daem2022-01-20
CVEList
SRX Series and MX Series with SPC3: A high percentage of fragments might lead to high latency or packet drops2022-01-19

📋Vendor Advisories

1
Juniper
CVE-2022-22153: An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daem2022-01-19
CVE-2022-22153 — Inefficient Algorithmic Complexity | cvebase