CVE-2022-22220: Time-of-check Time-of-use (TOCTOU) Race Condition in Juniper Networks Junos OS

Severity: 5.9 MEDIUM (NVD)
EPSS: 0.3% (top 43.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 18; Latest update Feb 26

Description

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based unauthenticated attacker to cause a Denial of Service (DoS). When a BGP flow route with a redirect IP extended community is received, and the reachability to the next-hop of the corresponding redirect IP is flapping, the rpd process might crash. Whether the crash occurs depends on the timing of the internal processing of these tw

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.2 | Impact: 3.6

Affected Packages (4 packages)

CVEListV5 | juniper_networks/junos_os_evolved | unspecified | 20.4R2-EVO | +1
CVEListV5 | juniper_networks/junos_os | 18.4 | 18.4R2-S10, 18.4R3-S10 | +7
NVD | juniper/junos | < 18.4 | +7

Vulnerability Details (2)

GHSA (2022-10-18): GHSA-365h-hvh8-45g8: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allo
CVEList (2022-10-18): Junos OS and Junos OS Evolved: Due to a race condition the rpd process can crash upon receipt of a BGP update message containing flow spec route

Vendor Advisories (2)

Red Hat (2025-02-26): kernel: bpf, sockmap: Fix more uncharged while msg has more_data
Juniper (2022-10-18): CVE-2022-22220: A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS, Junos OS Evolved allo