CVE-2022-22230 MEDIUM

CVE-2022-22230: Junos OS and Junos OS Evolved: RPD crash upon receipt of specific OSPFv3 LSAs

Vendor Juniper Networks

Product Junos OS

Weakness CWE-20 · Input validation

Published October 18, 2022

Last update May 12, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Adjacent

Attack complexity Low

Privileges required None

User interaction None

Confidentiality None

Integrity None

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause DoS (Denial of Service). If another router generates more than one specific valid OSPFv3 LSA then rpd will crash while processing these LSAs. This issue only affects systems configured with OSPFv3, while OSPFv2 is not affected. This issue affects: Juniper Networks Junos OS 19.2 versions prior to 19.2R3-S6; 19.3 version 19.3R2 and later versions; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S5-EVO; 21.1-EVO versions prior to 21.1R3-S2-EVO; 21.2-EVO versions prior to 21.2R3-S1-EVO; 21.3-EVO versions prior to 21.3R3-S2-EVO; 21.4-EVO versions prior to 21.4R2-EVO; 22.1-EVO versions prior to 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS 19.2 versions prior to 19.2R2.

Key dates

02Disclosure timeline

October 18, 2022 CVE published

May 12, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-22230 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

Identifiers

CVE CVE-2022-22230

CWE CWE-20

CVSS 6.5 / MEDIUM

Affected versions

Vendor Juniper Networks

Product Junos OS

Affected ≥ 19.2 and < 19.2R3-S6

Vendor Juniper Networks

Product Junos OS

Affected ≥ 19.3R2 and < 19.3*

Vendor Juniper Networks

Product Junos OS

Affected ≥ 19.4 and < 19.4R2-S8, 19.4R3-S9

Vendor Juniper Networks

Product Junos OS

Affected ≥ 20.1R1 and < 20.1*

Vendor Juniper Networks

Product Junos OS

Affected ≥ 20.2 and < 20.2R3-S5

Vendor Juniper Networks

Product Junos OS

Affected ≥ 20.3 and < 20.3R3-S5

Vendor Juniper Networks

Product Junos OS

Affected ≥ 20.4 and < 20.4R3-S4

Vendor Juniper Networks

Product Junos OS

Affected ≥ 21.1 and < 21.1R3-S2

Vendor Juniper Networks

Product Junos OS

Affected ≥ 21.2 and < 21.2R3-S1

Vendor Juniper Networks

Product Junos OS

Affected ≥ 21.3 and < 21.3R3-S2

Vendor Juniper Networks

Product Junos OS

Affected ≥ 21.4 and < 21.4R2

Vendor Juniper Networks

Product Junos OS Evolved

Affected ≥ unspecified and < 20.4R3-S5-EVO

Vendor Juniper Networks

Product Junos OS Evolved

Affected ≥ 21.1-EVO and < 21.1R3-S2-EVO

Vendor Juniper Networks

Product Junos OS Evolved

Affected ≥ 21.2-EVO and < 21.2R3-S1-EVO

Vendor Juniper Networks

Product Junos OS Evolved

Affected ≥ 21.3-EVO and < 21.3R3-S2-EVO

Vendor Juniper Networks

Product Junos OS Evolved

Affected ≥ 21.4-EVO and < 21.4R2-EVO

Vendor Juniper Networks

Product Junos OS Evolved

Affected ≥ 22.1-EVO and < 22.1R2-EVO

Vendor Juniper Networks

Product Junos OS Evolved

Affected ≥ 22.2-EVO and < 22.2R2-EVO

CVE-2022-22230: Junos OS and Junos OS Evolved: RPD crash upon receipt of specific OSPFv3 LSAs

01Description

02Disclosure timeline

03References

04Related CVE