CVE-2022-22176

Vulnerability Summary

An Improper Validation of Syntactic Correctness of Input vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent unauthenticated attacker sending a malformed DHCP packet to cause a crash of jdhcpd and thereby a Denial of Service (DoS). If option-82 is configured in a DHCP snooping / -security scenario, jdhcpd crashes if a specific malformed DHCP request packet is received. The DHCP functionality is impacted while jdhcpd restarts, and continued exploitation of the vulnerability will lead to the unavailability of the DHCP service and thereby a sustained DoS. This issue affects Juniper Networks Junos OS 13.2 version 13.2R1 and later versions before 15.1R7-S11; 18.3 versions before 18.3R3-S6; 18.4 versions before 18.4R2-S9, 18.4R3-S10; 19.1 versions before 19.1R2-S3, 19.1R3-S7; 19.2 versions before 19.2R1-S8, 19.2R3-S4; 19.3 versions before 19.3R2-S7, 19.3R3-S4; 19.4 versions before 19.4R3-S6; 20.1 versions before 20.1R3-S3; 20.2 versions before 20.2R3-S3; 20.3 versions before 20.3R3-S1; 20.4 versions before 20.4R3; 21.1 versions before 21.1R2-S1, 21.1R3; 21.2 versions before 21.2R1-S1, 21.2R2. This issue does not affect Juniper Networks Junos OS version 12.3R12 and prior versions.

Vulnerability Trend

References