CVE-2023-22397: Time-of-check Time-of-use (TOCTOU) Race Condition in Networks Junos OS Evolved

Severity
6.1 MEDIUM (NVD)
EPSS
0.1%
top 71.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Jan 13

Description

An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Junos OS Evolved PTX10003 Series devices allows an adjacently located attacker who has established certain preconditions and knowledge of the environment to send certain specific genuine packets to begin a Time-of-check Time-of-use (TOCTOU) Race Condition attack which will cause a memory leak to begin. Once this condition begins, and as long as the a

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H

Exploitability: 1.6 | Impact: 4.0

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os_evolved | unspecified | 20.4R3-S4-EVO | +4

🔴 Vulnerability Details (2)

GHSA
GHSA-63q5-87g5-fg36: An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Ju | 2023-01-13
CVEList
Junos OS Evolved: PTX10003: An attacker sending specific genuine packets will cause a memory leak in the PFE leading to a Denial of Service | 2023-01-12

📋 Vendor Advisories (1)

Juniper
CVE-2023-22397: An Allocation of Resources Without Limits or Throttling weakness in the memory management of the Packet Forwarding Engine (PFE) on Juniper Networks Ju | 2023-01-13
CVE-2023-22397 — MEDIUM severity | cvebase