Vulnerabilities > CVE-2022-22188 - Uncontrolled Memory Allocation vulnerability in Juniper Junos 20.2

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

juniper

CWE-789

NVD

Published: 2022-04-14

Updated: 2022-04-21

Summary

An Uncontrolled Memory Allocation vulnerability leading to a Heap-based Buffer Overflow in the packet forwarding engine (PFE) of Juniper Networks Junos OS allows a network-based unauthenticated attacker to flood the device with traffic leading to a Denial of Service (DoS). The device must be configured with storm control profiling limiting the number of unknown broadcast, multicast, or unicast traffic to be vulnerable to this issue. This issue affects: Juniper Networks Junos OS on QFX5100/QFX5110/QFX5120/QFX5200/QFX5210/EX4600/EX4650 Series; 20.2 version 20.2R1 and later versions prior to 20.2R2. This issue does not affect: Juniper Networks Junos OS versions prior to 20.2R1.

Vulnerable Configurations

Part	Description	Count
OS	Juniper Juniper Junos 20.2	4
Hardware	Juniper Juniper Ex4600 - Juniper Ex4650 - Juniper Qfx5100 - Juniper Qfx5110 - Juniper Qfx5120 - Juniper Qfx5200 - Juniper Qfx5210 -	7

Common Weakness Enumeration (CWE)

CWE-789 - Uncontrolled Memory Allocation

References

https://kb.juniper.net/JSA69497