CVE-2022-22205: Missing Release of Memory after Effective Lifetime in Networks Junos OS

Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 36.74%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 20 | Latest update Jul 21

Description

A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper Networks Junos OS on SRX Series allows an unauthenticated network based attacker to cause a Denial of Service (DoS). Upon receiving specific traffic a memory leak will occur. Sustained processing of such specific traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual r

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os | 20.3 | 20.3R3-S2 | +4
NVD: juniper/junos | 5 versions | +4

🔴 Vulnerability Details (2)

GHSA (2022-07-21): GHSA-7f8w-63f6-6xpv: A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper N
CVEList (2022-07-20): Junos OS: SRX Series: An FPC memory leak can occur in an APBR scenario

📋 Vendor Advisories (1)

Juniper (2022-07-20): CVE-2022-22205: A Missing Release of Memory after Effective Lifetime vulnerability in the Application Quality of Experience (appqoe) subsystem of the PFE of Juniper N