CVE-2022-22170 — Missing Release of Resource after Effective Lifetime in Networks Junos OS

CWE-772 — Missing Release of Resource after Effective Lifetime4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.4%

top 39.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJan 19

Latest updateJan 20

Description

A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause a Denial of Service (DoS) by sending specific packets over VXLAN which cause heap memory to leak and on exhaustion the PFE to reset. The heap memory utilization can be monitored with the command: user@host> show chassis fpc This issue affects: Juniper Networks Junos OS 19.4 versions prior to 19.4R2-S6, 19.4R3…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_os19.4 — 19.4R2-S6, 19.4R3-S6+6

▶NVDjuniper/junos8 versions+7

🔴Vulnerability Details

GHSA

GHSA-5mgw-p3mp-fxpw: A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unau↗2022-01-20

▶

CVEList

Junos OS: Specific packets over VXLAN cause FPC memory leak and ultimately reset↗2022-01-19

▶

📋Vendor Advisories

Juniper

CVE-2022-22170: A Missing Release of Resource after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unau↗2022-01-19

▶