CVE-2022-22208

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 18.4R2-S9, 18.4R3-S11 Junos OS versions 19.1 prior to 19.1R3-S8 Junos OS version 19.2R1 and later versions prior to 19.3R3-S5 Junos OS versions 19.3 prior to 19.3R3-S5 Junos OS versions 19.4 prior to 19.4R2-S6, 19.4R3-S6 Junos OS version 20.1R1 and later versions prior to 20.2R3-S3 Junos OS versions 20.2 prior to 20.2R3-S3 Junos OS versions 20.3 prior to 20.3R3-S2 Junos OS versions 20.4 prior to 20.4R3-S1 Junos OS versions 21.1 prior to 21.1R3-S3 Junos OS versions 21.2 prior to 21.2R2-S1, 21.2R3 Junos OS Evolved versions prior to 20.4R3-S4-EVO Junos OS Evolved versions 21.1-EVO prior to 21.1R3-S2-EVO Junos OS Evolved versions 21.2-EVO prior to 21.2R3-EVO Junos OS Evolved versions 21.3-EVO prior to 21.3R2-EVO

Description A Use After Free vulnerability in the Routing Protocol Daemon (rdp) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service (DoS). When a BGP session flap happens, a Use After Free of a memory location that was assigned to another object can occur, which will lead to an rpd crash. This is a race condition that is outside of the attacker's control and cannot be deterministically exploited. Continued flapping of BGP sessions can create a sustained Denial of Service (DoS) condition.

Recommendations For Junos OS versions prior to 18.4R2-S9, 18.4R3-S11, update to version 18.4R2-S9 or 18.4R3-S11 or later. For Junos OS versions 19.1 prior to 19.1R3-S8, update to version 19.1R3-S8 or later. For Junos OS version 19.2R1 and later versions prior to 19.3R3-S5, update to version 19.3R3-S5 or later. For Junos OS versions 19.3 prior to 19.3R3-S5, update to version 19.3R3-S5 or later. For Junos OS versions 19.4 prior to 19.4R2-S6, 19.4R3-S6, update to version 19.4R2-S6 or 19.4R3-S6 or later. For Junos OS version 20.1R1 and later versions prior to 20.2R3-S3, update to version 20.2R3-S3 or later. For Junos OS versions 20.2 prior to 20.2R3-S3, update to version 20.2R3-S3 or later. For Junos OS versions 20.3 prior to 20.3R3-S2, update to version 20.3R3-S2 or later. For Junos OS versions 20.4 prior to 20.4R3-S1, update to version 20.4R3-S1 or later. For Junos OS versions 21.1 prior to 21.1R3-S3, update to version 21.1R3-S3 or later. For Junos OS versions 21.2 prior to 21.2R2-S1, 21.2R3, update to version 21.2R2-S1 or 21.2R3 or later. For Junos OS Evolved versions prior to 20.4R3-S4-EVO, update to version 20.4R3-S4-EVO or later. For Junos OS Evolved versions 21.1-EVO prior to 21.1R3-S2-EVO, update to version 21.1R3-S2-EVO or later. For Junos OS Evolved versions 21.2-EVO prior to 21.2R3-EVO, update to version 21.2R3-EVO or later. For Junos OS Evolved versions 21.3-EVO prior to 21.3R2-EVO, update to version 21.3R2-EVO or later.