{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-22228", "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "assignerShortName": "juniper", "datePublished": "2022-10-12T00:00:00", "dateUpdated": "2022-10-18T00:00:00", "dateReserved": "2021-12-21T00:00:00"}, "containers": {"cna": {"title": "Junos OS: IPv6 OAM SRv6 network-enabled devices are vulnerable to Denial of Service (DoS) due to RPD memory leak upon receipt of specific a IPv6 packet", "datePublic": "2022-10-12T00:00:00", "providerMetadata": {"orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968", "shortName": "juniper", "dateUpdated": "2022-10-18T00:00:00"}, "descriptions": [{"lang": "en", "value": "An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker's packets are destined to any configured IPv6 address on the device. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1."}], "affected": [{"vendor": "Juniper Networks", "product": "Junos OS", "versions": [{"version": "unspecified", "lessThan": "21.1R1", "status": "unaffected", "versionType": "custom"}, {"version": "21.1", "status": "affected", "lessThan": "21.1R3-S2", "versionType": "custom"}, {"version": "21.2", "status": "affected", "lessThan": "21.2R3-S1", "versionType": "custom"}, {"version": "21.3", "status": "affected", "lessThan": "21.3R3", "versionType": "custom"}, {"version": "21.4", "status": "affected", "lessThan": "21.4R2", "versionType": "custom"}, {"version": "22.1", "status": "affected", "lessThan": "22.1R2", "versionType": "custom"}]}], "references": [{"url": "https://kb.juniper.net/JSA69880"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-1287: Improper Validation of Specified Type of Input", "cweId": "CWE-1287"}]}, {"descriptions": [{"type": "text", "lang": "en", "description": "Memory Leak"}]}, {"descriptions": [{"type": "text", "lang": "en", "description": "Denial of Service (DoS)"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"advisory": "JSA69880", "defect": ["1657333"], "discovery": "USER"}, "configurations": [{"lang": "en", "value": "The configuration required to hit the issue or be potentially exploited is as follows:\n\n [routing-options source-packet-routing srv6 locator <locator> <IPv6 address/subnet mask>] \n [protocols isis source-packet-routing node-segment ipv6-index <index number>] \n [protocols isis source-packet-routing srv6 locator <locator> end-sid <sid value> flavor <option>]\n [protocols mpls interface all]\n [interfaces <interface-name> unit <unit> family inet6 address <ipv6-addr>]\n"}], "workarounds": [{"lang": "en", "value": "There are no known workarounds for this issue. "}], "exploits": [{"lang": "en", "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}], "solutions": [{"lang": "en", "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R2, 22.1R2, 22.2R1, and all subsequent releases.\n"}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:junos:21.1:-:*:*:*:*:*:*", "matchCriteriaId": "6FDB5B7D-FB37-47E3-8678-B9ED578CCA5F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r1:*:*:*:*:*:*", "matchCriteriaId": "625BA7E6-D2AD-4A48-9B94-24328BE5B06A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "F462F4E3-762C-429F-8D25-5521100DD37C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r2:*:*:*:*:*:*", "matchCriteriaId": "C0BC9DAC-D6B5-4C5E-8C73-6E550D9A30F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "689FE1AE-7A85-4FB6-AB02-E732F23581B6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "79E56DAC-75AD-4C81-9835-634B40C15DA6", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r3:*:*:*:*:*:*", "matchCriteriaId": "A0040FE2-7ECD-4755-96CE-E899BA298E0C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.1:r3-s1:*:*:*:*:*:*", "matchCriteriaId": "076AB086-BB79-4583-AAF7-A5233DFB2F95", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*", "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1:*:*:*:*:*:*", "matchCriteriaId": "A52AF794-B36B-43A6-82E9-628658624B0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "3998DC76-F72F-4452-9150-652140B113EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "36ED4552-2420-45F9-B6E4-6DA2B2B12870", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2:*:*:*:*:*:*", "matchCriteriaId": "C28A14E7-7EA0-4757-9764-E39A27CFDFA5", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4A43752D-A4AF-4B4E-B95B-192E42883A5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "42986538-E9D0-4C2E-B1C4-A763A4EE451B", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.2:r3:*:*:*:*:*:*", "matchCriteriaId": "DE22CA01-EA7E-4EE5-B59F-EE100688C1DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:-:*:*:*:*:*:*", "matchCriteriaId": "2E7D597D-F6B6-44C3-9EBC-4FA0686ACB5C", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1:*:*:*:*:*:*", "matchCriteriaId": "CC78A4CB-D617-43FC-BB51-287D2D0C44ED", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "30FF67F8-1E3C-47A8-8859-709B3614BA6E", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "0C7C507E-C85E-4BC6-A3B0-549516BAB524", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2:*:*:*:*:*:*", "matchCriteriaId": "6514CDE8-35DC-469F-89A3-078684D18F7A", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s1:*:*:*:*:*:*", "matchCriteriaId": "4624565D-8F59-44A8-B7A8-01AD579745E7", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.3:r2-s2:*:*:*:*:*:*", "matchCriteriaId": "4BF8CD82-C338-4D9A-8C98-FCB3CEAA9227", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:-:*:*:*:*:*:*", "matchCriteriaId": "79ED3CE8-CC57-43AB-9A26-BBC87816062D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1:*:*:*:*:*:*", "matchCriteriaId": "4310D2D9-A8A6-48F8-9384-0A0692A1E1C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "9962B01C-C57C-4359-9532-676AB81CE8B0", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:21.4:r1-s2:*:*:*:*:*:*", "matchCriteriaId": "62178549-B679-4902-BFDB-2993803B7FCE", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1:*:*:*:*:*:*", "matchCriteriaId": "3F96EBE9-2532-4E35-ABA5-CA68830476A4", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:junos:22.1:r1-s1:*:*:*:*:*:*", "matchCriteriaId": "B4D936AE-FD74-4823-A824-2D9F24C25BFB", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An Improper Validation of Specified Type of Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an attacker to cause an RPD memory leak leading to a Denial of Service (DoS). This memory leak only occurs when the attacker's packets are destined to any configured IPv6 address on the device. This issue affects: Juniper Networks Junos OS 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1."}, {"lang": "es", "value": "Una vulnerabilidad de comprobaci\u00f3n inapropiada del tipo de entrada especificado en el demonio de protocolo de enrutamiento (rpd) del Juniper Networks Junos OS permite a un atacante causar una p\u00e9rdida de memoria en el RPD conllevando a una Denegaci\u00f3n de Servicio (DoS). Esta p\u00e9rdida de memoria s\u00f3lo es producida cuando los paquetes del atacante est\u00e1n destinados a cualquier direcci\u00f3n IPv6 configurada en el dispositivo. Este problema afecta a: Juniper Networks Junos OS 21.1 versiones anteriores a 21.1R3-S2; 21.2 versiones anteriores a 21.2R3-S1; 21.3 versiones anteriores a 21.3R3; 21.4 versiones anteriores a 21.4R2; 22.1 versiones anteriores a 22.1R2. Este problema no afecta a Juniper Networks Junos OS versiones anteriores a 21.1R1"}], "id": "CVE-2022-22228", "lastModified": "2022-10-21T17:48:08.367", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "sirt@juniper.net", "type": "Primary"}]}, "published": "2022-10-18T03:15:10.063", "references": [{"source": "sirt@juniper.net", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/JSA69880"}], "sourceIdentifier": "sirt@juniper.net", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1287"}], "source": "sirt@juniper.net", "type": "Secondary"}]}

{}