A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
User Interaction None
No CVSS v3.0
No CVSS v2
Vendors | Products |
---|---|
Juniper |
|
Configuration 1 [-]
AND |
|
References
Link | Resource |
---|---|
https://kb.juniper.net/JSA70213 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: juniper
Published: 2023-01-12T00:00:00
Updated: 2023-01-12T00:00:00
Reserved: 2022-12-27T00:00:00
Link: CVE-2023-22417
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-01-13T00:15:11.830
Modified: 2023-01-20T15:34:02.957
Link: CVE-2023-22417
JSON object: View
Redhat Information
No data.
CWE