CVE-2022-22208 — Use After Free in Juniper Networks Junos OS
Severity
5.9 MEDIUM (NVD)
EPSS
0.4%
top 42.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 18
Description
A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6
Affected Packages: 4 packages
Vulnerability Details (2)
CVEList
Junos OS and Junos OS Evolved: An rpd crash can occur due to memory corruption caused by flapping BGP sessions (2022-10-18)
GHSA
GHSA-2mjv-m892-jvr8: A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated networ (2022-10-18)
Vendor Advisories (1)
Juniper
CVE-2022-22208: A Use After Free vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated networ (2022-10-18)