CVE-2022-22173 — Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-401 — Missing Release of Memory after Effective Lifetime4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 48.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedJan 19

Latest updateJan 20

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause Denial of Service (DoS). In a scenario where Public Key Infrastructure (PKI) is used in combination with Certificate Revocation List (CRL), if the CRL fails to download the memory allocated to store the CRL is not released. Repeated occurrences will eventually consume all available memory and lead to a…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_osunspecified — 18.3R3-S6+11

▶NVDjuniper/junos< 18.3+12

🔴Vulnerability Details

GHSA

GHSA-347m-w2v2-fmv3: A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows↗2022-01-20

▶

CVEList

Junos OS: CRL failing to download causes a memory leak and ultimately a DoS↗2022-01-19

▶

📋Vendor Advisories

Juniper

CVE-2022-22173: A Missing Release of Memory after Effective Lifetime vulnerability in the Public Key Infrastructure daemon (pkid) of Juniper Networks Junos OS allows↗2022-01-19

▶