CVE-2022-22174Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-401Missing Release of Memory after Effective LifetimeCWE-755Improper Handling of Exceptional Conditions4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedJan 19
Latest updateJan 20

Description

A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to not be freed, leading to a packet DMA memory leak, and eventual Denial of Service (DoS) condition. Once the condition occurs, further packet processing will be impacted, creating a sustained Denial of Service (DoS) condition. The following error logs may be observed using the "show heap" command and the device may eventually run out of memory if suc

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os18.318.3R3-S6+11
NVDjuniper/junos12 versions+11

🔴Vulnerability Details

2
GHSA
GHSA-9r4f-wr6h-rg8h: A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to n2022-01-20
CVEList
Junos OS: QFX5000 Series, EX4600: Device may run out of memory, causing traffic loss, upon receipt of specific IPv6 packets2022-01-19

📋Vendor Advisories

1
Juniper
CVE-2022-22174: A vulnerability in the processing of inbound IPv6 packets in Juniper Networks Junos OS on QFX5000 Series and EX4600 switches may cause the memory to n2022-01-19
CVE-2022-22174 — Networks Junos OS vulnerability | cvebase