CVE-2022-22240 — Missing Release of Memory after Effective Lifetime in Networks Junos OS

CWE-401 — Missing Release of Memory after Effective Lifetime CWE-770 — Allocation of Resources Without Limits or Throttling4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 82.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Networks Junos OS Evolved Juniper Junos OS Evolved +1 more

Timeline

PublishedOct 18

Description

An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a locally authenticated low privileged attacker to cause a Denial of Sevice (DoS). In a high-scaled BGP routing environment with rib-sharding enabled, two issues may occur when executing a specific CLI command. One is a memory leak issue with rpd where the leak rate is not const…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os_evolvedunspecified — 20.4R3-S1-EVO+3

▶CVEListV5juniper_networks/junos_os19.4 — 19.4R3-S9+6

▶NVDjuniper/junos_os_evolved< 20.4+4

▶NVDjuniper/junos7 versions+6

🔴Vulnerability Details

CVEList

Junos OS and Junos OS Evolved: An rpd memory leak might be observed while running a specific cli command in a RIB sharding scenario↗2022-10-18

▶

GHSA

GHSA-37r4-cw3g-gh25: An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol↗2022-10-18

▶

📋Vendor Advisories

Juniper

CVE-2022-22240: An Allocation of Resources Without Limits or Throttling and a Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol↗2022-10-18

▶