CVE-2022-22226Memory Allocation with Excessive Size Value in Networks Junos OS

CWE-789Memory Allocation with Excessive Size ValueCWE-770Allocation of Resources Without Limits or Throttling4 documents4 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 70.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 18

Description

In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated adjacently located attacker sending specific packets to cause a Denial of Service (DoS) condition by crashing one or more PFE's when they are received and processed by the device. Upon automatic restart of the PFE, continued processing of these packets will cause the memory leak to reappear. De

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os17.1R117.1*+14
NVDjuniper/junos16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-wh34-7vvv-gqx8: In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE)2022-10-18
CVEList
Junos OS: EX4300-MP, EX4600, QFX5000 Series: In VxLAN scenarios specific packets processed cause a memory leak leading to a PFE crash2022-10-18

📋Vendor Advisories

1
Juniper
CVE-2022-22226: In VxLAN scenarios on EX4300-MP, EX4600, QFX5000 Series devices an Uncontrolled Memory Allocation vulnerability in the Packet Forwarding Engine (PFE)2022-10-18
CVE-2022-22226 — Networks Junos OS vulnerability | cvebase