CVE-2022-22230

Summary

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OS19.2 < 19.2R3-S6affected
Juniper NetworksJunos OS19.3R2 < 19.3*affected
Juniper NetworksJunos OS19.4 < 19.4R2-S8, 19.4R3-S9affected
Juniper NetworksJunos OS20.1R1 < 20.1*affected
Juniper NetworksJunos OS20.2 < 20.2R3-S5affected
Juniper NetworksJunos OS20.3 < 20.3R3-S5affected
Juniper NetworksJunos OS20.4 < 20.4R3-S4affected
Juniper NetworksJunos OS21.1 < 21.1R3-S2affected
Juniper NetworksJunos OS21.2 < 21.2R3-S1affected
Juniper NetworksJunos OS21.3 < 21.3R3-S2affected
Juniper NetworksJunos OS21.4 < 21.4R2affected
Juniper NetworksJunos OS Evolvedunspecified < 20.4R3-S5-EVOaffected
Juniper NetworksJunos OS Evolved21.1-EVO < 21.1R3-S2-EVOaffected
Juniper NetworksJunos OS Evolved21.2-EVO < 21.2R3-S1-EVOaffected
Juniper NetworksJunos OS Evolved21.3-EVO < 21.3R3-S2-EVOaffected
Juniper NetworksJunos OS Evolved21.4-EVO < 21.4R2-EVOaffected
Juniper NetworksJunos OS Evolved22.1-EVO < 22.1R2-EVOaffected
Juniper NetworksJunos OS Evolved22.2-EVO < 22.2R2-EVOaffected

Weaknesses

  • CWE-20: CWE-20 Improper Input Validation
  • Denial of Service

Workarounds

There are no known workarounds for this issue.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References