CVE-2022-22233 — Unchecked Return Value to NULL Pointer Dereference in Networks Junos OS

CWE-690 — Unchecked Return Value to NULL Pointer Dereference CWE-252 — Unchecked Return Value CWE-476 — NULL Pointer Dereference4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 83.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos +1 more

Timeline

PublishedOct 18

Description

An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated attacker with low privileges to cause a Denial of Service (DoS). In Segment Routing (SR) to Label Distribution Protocol (LDP) interworking scenario, configured with Segment Routing Mapping Server (SRMS) at any node, when an Area Border Router (ABR) leaks the SRMS entries having "S" flag set from IS-IS Level 2 to Leve…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolved21.4-EVO — 21.4R1-S2-EVO, 21.4R2-S1-EVO, 21.4R3-EVO+1

▶CVEListV5juniper_networks/junos_os21.4 — 21.4R1-S2, 21.4R2-S1, 21.4R3+1

▶NVDjuniper/junos_os_evolved21.4, 22.1+1

▶NVDjuniper/junos21.4, 22.1+1

🔴Vulnerability Details

CVEList

Junos OS and Junos OS Evolved: In an SR to LDP interworking scenario, with SRMS, when a specific low privileged command is issued on an ABR rpd will crash↗2022-10-18

▶

GHSA

GHSA-f329-hqh6-8qmx: An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved↗2022-10-18

▶

📋Vendor Advisories

Juniper

CVE-2022-22233: An Unchecked Return Value to NULL Pointer Dereference vulnerability in Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved↗2022-10-18

▶