Common Weakness Enumeration

CWE-401

Allowed

Missing Release of Memory after Effective Lifetime

Abstraction: Variant · Status: Draft

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

2001 vulnerabilities reference this CWE, most recent first.

CVE-2023-24511 (GCVE-0-2023-24511)

Vulnerability from cvelistv5 – Published: 2023-04-12 00:00 – Updated: 2025-02-07 15:47
VLAI
Title
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.
Summary
On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-401 - Improper Release of Memory Before Removing Last Reference
Assigner
Impacted products
Vendor Product Version
Arista Networks EOS Affected: 4.28.0 4.28.5.1M
Affected: 4.27.0 4.27.8.1M
Affected: 4.26.0 4.26.9M
Affected: 4.25.0 4.25.10M
Affected: 4.24.0 4.24.11M
Affected: 4.29.0 , ≤ 4.29.1F (custom)
Create a notification for this product.
Date Public
2023-04-11 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:56:04.366Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-24511",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-07T15:47:38.119400Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-07T15:47:42.435Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "EOS",
          "vendor": "Arista Networks",
          "versions": [
            {
              "status": "affected",
              "version": "4.28.0 4.28.5.1M"
            },
            {
              "status": "affected",
              "version": "4.27.0 4.27.8.1M"
            },
            {
              "status": "affected",
              "version": "4.26.0 4.26.9M"
            },
            {
              "status": "affected",
              "version": "4.25.0 4.25.10M"
            },
            {
              "status": "affected",
              "version": "4.24.0 4.24.11M"
            },
            {
              "lessThanOrEqual": "4.29.1F",
              "status": "affected",
              "version": "4.29.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "In order to be vulnerable to CVE-2023-24511, the following condition must be met:\n\nSNMP must be configured:\n"
        }
      ],
      "datePublic": "2023-04-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process. This may result in the snmpd processing being terminated (causing SNMP requests to time out until snmpd is automatically restarted) and potential memory resource exhaustion for other processes on the switch. The vulnerability does not have any confidentiality or integrity impacts to the system."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Improper Release of Memory Before Removing Last Reference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-12T00:00:00.000Z",
        "orgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
        "shortName": "Arista"
      },
      "references": [
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisory/17239-security-advisory-0084"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The recommended resolution is to upgrade to a remediated software version at your earliest convenience. Artista recommends customers move to the latest version of each release that contains all the fixes listed below. For more information about upgrading see Eos User Manual: Upgrades and Downgrades\n\nCVE-2023-24511 has been fixed in the following releases:\n4.29.2F and later releases in the 4.29.x train\n4.28.6M and later releases in the 4.28.x train\n4.27.9M and later releases in the 4.27.x train\n4.26.10M and later releases in the 4.26.x train\n"
        },
        {
          "lang": "en",
          "value": "The following hotfix can be applied to remediate CVE-2023-24511. The hotfix only applies to the releases listed below and no other releases. All other versions require upgrading to a release containing the fix (as listed above).: \n\n4.29.1F and below releases in the 4.29.x train\n4.28.5.1M and below releases in the 4.28.x train\n4.27.8.1M and below releases in the 4.27.x train\n4.26.9M and below releases in the 4.26.x train\n\nNote: Installing/uninstalling the SWIX will cause the snmpd process to restart\nVersion: 1.0\nURL:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\nSWIX hash:SecurityAdvisory84_CVE-2023-24511_Hotfix.swix\n(SHA-512)da2bc1fd2c7fc718e3c72c7ce83dc1caa05150cbe2f081c8cc3ed40ce787f7e24dff5202e621ef5f2af89f72afd25f7476d02f722ffe8e8c7d24c101cbbfe0e5"
        }
      ],
      "source": {
        "advisory": "84",
        "defect": [
          "751040"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "On affected platforms running Arista EOS with SNMP configured, a specially crafted packet can cause a memory leak in the snmpd process.",
      "workarounds": [
        {
          "lang": "en",
          "value": "If you suspect you are encountering this issue due to malicious activity, the workaround is to enable SNMP service ACLs to only allow specific IP addresses to query SNMP (combined with anti-spoofing ACLs in the rest of the network).\n\nsnmp-server ipv4 access-list allowHosts4\nsnmp-server ipv6 access-list allowHosts6\n!\nipv6 access-list allowHosts6\n   10 permit ipv6 host \u003cipv6 address\u003e any\n!\nip access-list allowHosts4\n   10 permit ip host \u003cipv4 address\u003e any\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c8b34d1a-69ae-45c3-88fe-f3b3d44f39b7",
    "assignerShortName": "Arista",
    "cveId": "CVE-2023-24511",
    "datePublished": "2023-04-12T00:00:00.000Z",
    "dateReserved": "2023-01-24T00:00:00.000Z",
    "dateUpdated": "2025-02-07T15:47:42.435Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22417 (GCVE-0-2023-22417)

Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-08 13:33
VLAI
Title
Junos OS: SRX Series: A memory leak might be observed in IPsec VPN scenario leading to an FPC crash
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-401 - Missing Release of Memory after Effective Lifetime
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 19.3R3-S7 (custom)
Affected: 19.4 , < 19.4R2-S8, 19.4R3-S10 (custom)
Affected: 20.2 , < 20.2R3-S6 (custom)
Affected: 20.3 , < 20.3R3-S5 (custom)
Affected: 20.4 , < 20.4R3-S5 (custom)
Affected: 21.1 , < 21.1R3-S4 (custom)
Affected: 21.2 , < 21.2R3 (custom)
Affected: 21.3 , < 21.3R3 (custom)
Affected: 21.4 , < 21.4R2 (custom)
Create a notification for this product.
Date Public
2023-01-11 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.550Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA70213"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22417",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-08T13:32:43.911495Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-08T13:33:02.446Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "SRX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.3R3-S7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2-S8, 19.4R3-S10",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S6",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S5",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S5",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3-S4",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R3",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R3",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R2",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2023-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In an IPsec VPN environment, a memory leak will be seen if a DH or ECDH group is configured. Eventually the flowd process will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S10; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://kb.juniper.net/JSA70213"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R2-S8, 19.4R3-S10, 20.2R3-S6, 20.3R3-S5, 20.4R3-S5, 21.1R3-S4, 21.2R3, 21.3R3, 21.4R2, 22.1R1, and all subsequent releases.\n"
        }
      ],
      "source": {
        "advisory": "JSA70213",
        "defect": [
          "1639998"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: SRX Series: A memory leak might be observed in IPsec VPN scenario leading to an FPC crash",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-22417",
    "datePublished": "2023-01-12T00:00:00.000Z",
    "dateReserved": "2022-12-27T00:00:00.000Z",
    "dateUpdated": "2025-04-08T13:33:02.446Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22414 (GCVE-0-2023-22414)

Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 19:54
VLAI
Title
Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command "show heap extensive". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-401 - Missing Release of Memory after Effective Lifetime
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Unaffected: unspecified , < 20.1R1 (custom)
Affected: 20.2 , < 20.2R3-S6 (custom)
Affected: 20.3 , < 20.3R3-S6 (custom)
Affected: 20.4 , < 20.4R3-S4 (custom)
Affected: 21.2 , < 21.2R3-S1 (custom)
Affected: 21.3 , < 21.3R3 (custom)
Affected: 21.4 , < 21.4R3 (custom)
Affected: 22.1 , < 22.1R2 (custom)
Affected: 22.2 , < 22.2R2 (custom)
Create a notification for this product.
Date Public
2023-01-11 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.570Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA70210"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22414",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T19:54:35.845790Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T19:54:43.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "PTX Series and QFX10000 Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.1R1",
              "status": "unaffected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S6",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S6",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S4",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R3-S1",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R3",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R3",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R2",
              "status": "affected",
              "version": "22.1",
              "versionType": "custom"
            },
            {
              "lessThan": "22.2R2",
              "status": "affected",
              "version": "22.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue can occur when multicast and EVPN are configured: \n\n  [protocols evpn]"
        }
      ],
      "datePublic": "2023-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Missing Release of Memory after Effective Lifetime vulnerability in Flexible PIC Concentrator (FPC) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker from the same shared physical or logical network, to cause a heap memory leak and leading to FPC crash. On all Junos PTX Series and QFX10000 Series, when specific EVPN VXLAN Multicast packets are processed, an FPC heap memory leak is observed. The FPC memory usage can be monitored using the CLI command \"show heap extensive\". Following is an example output. ID Base Total(b) Free(b) Used(b) % Name Peak used % -- -------- --------- --------- --------- --- ----------- ----------- 0 37dcf000 3221225472 1694526368 1526699104 47 Kernel 47 1 17dcf000 1048576 1048576 0 0 TOE DMA 0 2 17ecf000 1048576 1048576 0 0 DMA 0 3 17fcf000 534773760 280968336 253805424 47 Packet DMA 47 This issue affects: Juniper Networks Junos OS PTX Series and QFX10000 Series 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.1R1 on PTX Series and QFX10000 Series."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://kb.juniper.net/JSA70210"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S6, 20.3R3-S6, 20.4R3-S4, 21.1R3-S3, 21.2R3-S1, 21.3R3, 21.4R3, 22.1R2, 22.2R2, 22.3R1, and all subsequent releases.\n"
        }
      ],
      "source": {
        "advisory": "JSA70210",
        "defect": [
          "1661286"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: PTX Series and QFX10000 Series: An FPC memory leak is observed when specific EVPN VXLAN Multicast packets are processed",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-22414",
    "datePublished": "2023-01-12T00:00:00.000Z",
    "dateReserved": "2022-12-27T00:00:00.000Z",
    "dateUpdated": "2025-04-07T19:54:43.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22410 (GCVE-0-2023-22410)

Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:32
VLAI
Title
Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak.
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command "show chassis fpc". On running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 20.2R3-S5; 20.3 version 20.3R1 and later versions.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-401 - Missing Release of Memory after Effective Lifetime
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 20.2R3-S5 (custom)
Affected: 20.3R1 , < 20.3* (custom)
Create a notification for this product.
Date Public
2023-01-11 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.609Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA70206"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22410",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T14:57:11.910284Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T15:32:59.491Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "MX Series"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.2R3-S5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3*",
              "status": "affected",
              "version": "20.3R1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "This issue only affects systems with scfd enabled.  An minimal scfd configuration is shown below:\n\n  [system ddos-protection global flow-detection]\n"
        }
      ],
      "datePublic": "2023-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Networks Junos OS on MX Series platforms with MPC10/MPC11 line cards, allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). Devices are only vulnerable when the Suspicious Control Flow Detection (scfd) feature is enabled. Upon enabling this specific feature, an attacker sending specific traffic is causing memory to be allocated dynamically and it is not freed. Memory is not freed even after deactivating this feature. Sustained processing of such traffic will eventually lead to an out of memory condition that prevents all services from continuing to function, and requires a manual restart to recover. The FPC memory usage can be monitored using the CLI command \"show chassis fpc\". On running the above command, the memory of AftDdosScfdFlow can be observed to detect the memory leak. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 20.2R3-S5; 20.3 version 20.3R1 and later versions."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://kb.juniper.net/JSA70206"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.4R1, and all subsequent releases.\n"
        }
      ],
      "source": {
        "advisory": "JSA70206",
        "defect": [
          "1654175"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: MX Series with MPC10/MPC11: When Suspicious Control Flow Detection (scfd) is enabled and an attacker is sending specific traffic, this causes a memory leak.",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-22410",
    "datePublished": "2023-01-12T00:00:00.000Z",
    "dateReserved": "2022-12-27T00:00:00.000Z",
    "dateUpdated": "2025-04-07T15:32:59.491Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22406 (GCVE-0-2023-22406)

Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:37
VLAI
Title
Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command "show task memory detail" as shown in the following example: user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host> show task memory detail | match "RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 <=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 <=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-401 - Missing Release of Memory after Effective Lifetime
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 19.3R3-S7 (custom)
Affected: 19.4 , < 19.4R2-S8, 19.4R3-S9 (custom)
Affected: 20.2 , < 20.2R3-S5 (custom)
Affected: 20.3 , < 20.3R3-S5 (custom)
Affected: 20.4 , < 20.4R3-S4 (custom)
Affected: 21.1 , < 21.1R3-S3 (custom)
Affected: 21.2 , < 21.2R3-S2 (custom)
Affected: 21.3 , < 21.3R3-S1 (custom)
Affected: 21.4 , < 21.4R2-S1, 21.4R3 (custom)
Affected: 22.1 , < 22.1R2 (custom)
Create a notification for this product.
Juniper Networks Junos OS Evolved Affected: unspecified , < 20.4R3-S4-EVO (custom)
Affected: 21.4 , < 21.4R2-S1-EVO, 21.4R3-EVO (custom)
Affected: 22.1 , < 22.1R2-EVO (custom)
Create a notification for this product.
Date Public
2023-01-11 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.601Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA70202"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22406",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T15:00:02.855812Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T15:37:55.236Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.3R3-S7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R2-S8, 19.4R3-S9",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S5",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S5",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S4",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3-S3",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R3-S2",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R3-S1",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R2-S1, 21.4R3",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R2",
              "status": "affected",
              "version": "22.1",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "Junos OS Evolved",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S4-EVO",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R2-S1-EVO, 21.4R3-EVO",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R2-EVO",
              "status": "affected",
              "version": "22.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "To be exposed to this issue a minimal SR configuration for OSPF like in the following example is required:\n\n  [protocols ospf source-packet-routing}"
        }
      ],
      "datePublic": "2023-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). In a segment-routing scenario with OSPF as IGP, when a peer interface continuously flaps, next-hop churn will happen and a continuous increase in Routing Protocol Daemon (rpd) memory consumption will be observed. This will eventually lead to an rpd crash and restart when the memory is full. The memory consumption can be monitored using the CLI command \"show task memory detail\" as shown in the following example: user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 412330 158334720 412330 158334720 RT_TEMPLATE_BOOK_KEE 2064 2560 T 33315 85286400 33315 85286400 user@host\u003e show task memory detail | match \"RT_NEXTHOPS_TEMPLATE|RT_TEMPLATE_BOOK_KEE\" RT_NEXTHOPS_TEMPLATE 1008 1024 T 50 51200 50 51200 RT_NEXTHOPS_TEMPLATE 688 768 T 50 38400 50 38400 RT_NEXTHOPS_TEMPLATE 368 384 T 419005 160897920 419005 160897920 \u003c=== RT_TEMPLATE_BOOK_KEE 2064 2560 T 39975 102336000 39975 10233600 \u003c=== This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S8, 19.4R3-S9; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R2-S1, 21.4R3; 22.1 versions prior to 22.1R2. Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S4-EVO; 21.4 versions prior to 21.4R2-S1-EVO, 21.4R3-EVO; 22.1 versions prior to 22.1R2-EVO."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://kb.juniper.net/JSA70202"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: \nJunos OS: 19.3R3-S7, 19.4R2-S8, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R2-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases.\nJunos OS Evolved: 20.4R3-S4-EVO, 21.4R2-S1-EVO, 21.4R3-EVO, 22.1R2-EVO, 22.2R1-EVO, and all subsequent releases.\n"
        }
      ],
      "source": {
        "advisory": "JSA70202",
        "defect": [
          "1659366"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS and Junos OS Evolved: A memory leak which will ultimately lead to an rpd crash will be observed when a peer interface flaps continuously in a Segment Routing scenario using OSPF",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-22406",
    "datePublished": "2023-01-12T00:00:00.000Z",
    "dateReserved": "2022-12-27T00:00:00.000Z",
    "dateUpdated": "2025-04-07T15:37:55.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22395 (GCVE-0-2023-22395)

Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-07 15:42
VLAI
Title
Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command 'show system buffers': user@host> show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host> show system buffers 793/1487/2280 mbufs in use (current/cache/total) <<<<<< mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-401 - Missing Release of Memory after Effective Lifetime
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: unspecified , < 19.3R3-S7 (custom)
Affected: 19.4 , < 19.4R3-S9 (custom)
Affected: 20.1R1 , < 20.1* (custom)
Affected: 20.2 , < 20.2R3-S5 (custom)
Affected: 20.3 , < 20.3R3-S5 (custom)
Affected: 20.4 , < 20.4R3-S4 (custom)
Affected: 21.1 , < 21.1R3-S3 (custom)
Affected: 21.2 , < 21.2R3-S2 (custom)
Affected: 21.3 , < 21.3R3-S1 (custom)
Affected: 21.4 , < 21.4R3 (custom)
Affected: 22.1 , < 22.1R2 (custom)
Create a notification for this product.
Date Public
2023-01-11 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.642Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.juniper.net/JSA70191"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-22395",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-07T15:10:37.940814Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-07T15:42:48.152Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "19.3R3-S7",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "19.4R3-S9",
              "status": "affected",
              "version": "19.4",
              "versionType": "custom"
            },
            {
              "lessThan": "20.1*",
              "status": "affected",
              "version": "20.1R1",
              "versionType": "custom"
            },
            {
              "lessThan": "20.2R3-S5",
              "status": "affected",
              "version": "20.2",
              "versionType": "custom"
            },
            {
              "lessThan": "20.3R3-S5",
              "status": "affected",
              "version": "20.3",
              "versionType": "custom"
            },
            {
              "lessThan": "20.4R3-S4",
              "status": "affected",
              "version": "20.4",
              "versionType": "custom"
            },
            {
              "lessThan": "21.1R3-S3",
              "status": "affected",
              "version": "21.1",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2R3-S2",
              "status": "affected",
              "version": "21.2",
              "versionType": "custom"
            },
            {
              "lessThan": "21.3R3-S1",
              "status": "affected",
              "version": "21.3",
              "versionType": "custom"
            },
            {
              "lessThan": "21.4R3",
              "status": "affected",
              "version": "21.4",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1R2",
              "status": "affected",
              "version": "22.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "To be exposed to this vulnerability a minimal IRB configuration like in the following example needs to be present:\n\n  [interfaces irb unit \u003cunit\u003e family inet address \u003cIP-adress\u003e]"
        }
      ],
      "datePublic": "2023-01-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the kernel of Juniper Networks Junos OS allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). In an MPLS scenario specific packets destined to an Integrated Routing and Bridging (irb) interface of the device will cause a buffer (mbuf) to leak. Continued receipt of these specific packets will eventually cause a loss of connectivity to and from the device, and requires a reboot to recover. These mbufs can be monitored by using the CLI command \u0027show system buffers\u0027: user@host\u003e show system buffers 783/1497/2280 mbufs in use (current/cache/total) user@host\u003e show system buffers 793/1487/2280 mbufs in use (current/cache/total) \u003c\u003c\u003c\u003c\u003c\u003c mbuf usage increased This issue affects Juniper Networks Junos OS: All versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R3-S9; 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00.000Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "url": "https://kb.juniper.net/JSA70191"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The following software releases have been updated to resolve this specific issue: 19.3R3-S7, 19.4R3-S9, 20.2R3-S5, 20.3R3-S5, 20.4R3-S4, 21.1R3-S3, 21.2R3-S2, 21.3R3-S1, 21.4R3, 22.1R2, 22.2R1, and all subsequent releases."
        }
      ],
      "source": {
        "advisory": "JSA70191",
        "defect": [
          "1666181"
        ],
        "discovery": "USER"
      },
      "title": "Junos OS: In an MPLS scenario the processing of specific packets to the device causes a buffer leak and ultimately a loss of connectivity",
      "workarounds": [
        {
          "lang": "en",
          "value": "There are no known workarounds for this issue."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-22395",
    "datePublished": "2023-01-12T00:00:00.000Z",
    "dateReserved": "2022-12-27T00:00:00.000Z",
    "dateUpdated": "2025-04-07T15:42:48.152Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-22392 (GCVE-0-2023-22392)

Vulnerability from cvelistv5 – Published: 2023-10-12 22:55 – Updated: 2024-08-02 10:07
VLAI
Title
Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren't installed as the hardware doesn't support them, lead to an FPC heap memory leak
Summary
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). PTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command "show chassis fpc". The following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed. expr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw expr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware expr_dfw_base_hw_add:52 Failed to add h/w sfm data. expr_dfw_base_hw_create:114 Failed to add h/w data. expr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__ expr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0 expr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0! expr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure expr_dfw_bp_topo_handler:1102 Failed to program fnum. expr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__. This issue affects Juniper Networks Junos OS: on PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: * All versions prior to 20.4R3-S5; * 21.1 versions prior to 21.1R3-S4; * 21.2 versions prior to 21.2R3-S2; * 21.3 versions prior to 21.3R3; * 21.4 versions prior to 21.4R2-S2, 21.4R3; * 22.1 versions prior to 22.1R1-S2, 22.1R2. on PTX3000, PTX5000, QFX10000: * All versions prior to 20.4R3-S8; * 21.1 version 21.1R1 and later versions; * 21.2 versions prior to 21.2R3-S6; * 21.3 versions prior to 21.3R3-S5; * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3 * 22.2 versions prior to 22.2R3-S1 * 22.3 versions prior to 22.3R2-S2, 22.3R3 * 22.4 versions prior to 22.4R2.
CWE
  • CWE-401 - A Missing Release of Memory after Effective Lifetime
  • Denial of Service (DoS)
Assigner
References
Impacted products
Vendor Product Version
Juniper Networks Junos OS Affected: 0 , < 20.4R3-S5 (semver)
Affected: 21.1 , < 21.1R3-S4 (semver)
Affected: 21.2 , < 21.2R3-S2 (semver)
Affected: 21.3 , < 21.3R3 (semver)
Affected: 21.4 , < 21.4R2-S2, 21.4R3 (semver)
Affected: 22.1 , < 22.1R1-S2, 22.1R2 (semver)
Create a notification for this product.
Juniper Networks Junos OS Affected: 0 , < 20.4R3-S8 (semver)
Affected: 21.1R1 , < 21.1* (semver)
Affected: 21.2 , < 21.2R3-S6 (semver)
Affected: 21.3 , < 21.3R3-S5 (semver)
Affected: 21.4 , < 21.4R3-S4 (semver)
Affected: 22.1 , < 22.1R3-S3 (semver)
Affected: 22.2 , < 22.2R3-S1 (semver)
Affected: 22.3 , < 22.3R2-S2, 22.3R3 (semver)
Affected: 22.4 , < 22.4R2 (semver)
Create a notification for this product.
Date Public
2023-10-11 16:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:07:06.639Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/JSA73530"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "PTX1000",
            "PTX10002",
            "PTX10004",
            "PTX10008",
            "PTX10016 with LC110x FPCs"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S5",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.1R3-S4",
              "status": "affected",
              "version": "21.1",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S2",
              "status": "affected",
              "version": "21.2",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R2-S2, 21.4R3",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R1-S2, 22.1R2",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "PTX3000",
            "PTX5000",
            "QFX10000"
          ],
          "product": "Junos OS",
          "vendor": "Juniper Networks",
          "versions": [
            {
              "lessThan": "20.4R3-S8",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "21.1*",
              "status": "affected",
              "version": "21.1R1",
              "versionType": "semver"
            },
            {
              "lessThan": "21.2R3-S6",
              "status": "affected",
              "version": "21.2",
              "versionType": "semver"
            },
            {
              "lessThan": "21.3R3-S5",
              "status": "affected",
              "version": "21.3",
              "versionType": "semver"
            },
            {
              "lessThan": "21.4R3-S4",
              "status": "affected",
              "version": "21.4",
              "versionType": "semver"
            },
            {
              "lessThan": "22.1R3-S3",
              "status": "affected",
              "version": "22.1",
              "versionType": "semver"
            },
            {
              "lessThan": "22.2R3-S1",
              "status": "affected",
              "version": "22.2",
              "versionType": "semver"
            },
            {
              "lessThan": "22.3R2-S2, 22.3R3",
              "status": "affected",
              "version": "22.3",
              "versionType": "semver"
            },
            {
              "lessThan": "22.4R2",
              "status": "affected",
              "version": "22.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following configuration is affected by this issue:\u003c/p\u003e \u003ctt\u003e[protocols bgp group family flow]\u003c/tt\u003e"
            }
          ],
          "value": "The following configuration is affected by this issue:\n\n [protocols bgp group family flow]"
        }
      ],
      "datePublic": "2023-10-11T16:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\n\u003cp\u003eA Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\u003c/p\u003e\u003cp\u003ePTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command \"show chassis fpc\".\u003c/p\u003e\u003cp\u003eThe following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.\u003c/p\u003e\u003ccode\u003eexpr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_base_hw_add:52 Failed to add h/w sfm data.\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_base_hw_create:114 Failed to add h/w data.\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_bp_topo_handler:1102 Failed to program fnum.\u003c/code\u003e\u003cbr\u003e\u003ccode\u003eexpr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.\u003c/code\u003e\u003cbr\u003e\u003cp\u003eThis issue affects Juniper Networks Junos OS:\u003c/p\u003e\u003cp\u003eon PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S5;\u003c/li\u003e\u003cli\u003e21.1 versions prior to 21.1R3-S4;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S2;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R2-S2, 21.4R3;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R1-S2, 22.1R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\u003cp\u003eon PTX3000, PTX5000, QFX10000:\u003c/p\u003e\u003cp\u003e\u003c/p\u003e\u003cul\u003e\u003cli\u003eAll versions prior to 20.4R3-S8;\u003c/li\u003e\u003cli\u003e21.1 version 21.1R1 and later versions;\u003c/li\u003e\u003cli\u003e21.2 versions prior to 21.2R3-S6;\u003c/li\u003e\u003cli\u003e21.3 versions prior to 21.3R3-S5;\u003c/li\u003e\u003cli\u003e21.4 versions prior to 21.4R3-S4;\u003c/li\u003e\u003cli\u003e22.1 versions prior to 22.1R3-S3\u003c/li\u003e\u003cli\u003e22.2 versions prior to 22.2R3-S1\u003c/li\u003e\u003cli\u003e22.3 versions prior to 22.3R2-S2, 22.3R3\u003c/li\u003e\u003cli\u003e22.4 versions prior to 22.4R2.\u003c/li\u003e\u003c/ul\u003e\u003cp\u003e\u003c/p\u003e\n\n"
            }
          ],
          "value": "\nA Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nPTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command \"show chassis fpc\".\n\nThe following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.\n\nexpr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw\nexpr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware\nexpr_dfw_base_hw_add:52 Failed to add h/w sfm data.\nexpr_dfw_base_hw_create:114 Failed to add h/w data.\nexpr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__\nexpr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0\nexpr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!\nexpr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure\nexpr_dfw_bp_topo_handler:1102 Failed to program fnum.\nexpr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.\nThis issue affects Juniper Networks Junos OS:\n\non PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:\n\n\n\n  *  All versions prior to 20.4R3-S5;\n  *  21.1 versions prior to 21.1R3-S4;\n  *  21.2 versions prior to 21.2R3-S2;\n  *  21.3 versions prior to 21.3R3;\n  *  21.4 versions prior to 21.4R2-S2, 21.4R3;\n  *  22.1 versions prior to 22.1R1-S2, 22.1R2.\n\n\n\n\non PTX3000, PTX5000, QFX10000:\n\n\n\n  *  All versions prior to 20.4R3-S8;\n  *  21.1 version 21.1R1 and later versions;\n  *  21.2 versions prior to 21.2R3-S6;\n  *  21.3 versions prior to 21.3R3-S5;\n  *  21.4 versions prior to 21.4R3-S4;\n  *  22.1 versions prior to 22.1R3-S3\n  *  22.2 versions prior to 22.2R3-S1\n  *  22.3 versions prior to 22.3R2-S2, 22.3R3\n  *  22.4 versions prior to 22.4R2.\n\n\n\n\n\n\n"
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eJuniper SIRT is not aware of any malicious exploitation of this vulnerability.\u003c/p\u003e"
            }
          ],
          "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 A Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "description": "Denial of Service (DoS)",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-23T19:10:26.391Z",
        "orgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
        "shortName": "juniper"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://supportportal.juniper.net/JSA73530"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThe following software releases have been updated to resolve this specific issue: \u003c/p\u003e\u003cp\u003eFor PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: Junos OS 20.4R3-S5, 21.1R3-S4, 21.2R3-S2, 21.3R3, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1, and all subsequent releases.\u003c/p\u003e\u003cp\u003eFor PTX3000, PTX5000, QFX10000: Junos OS 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\u003c/p\u003e"
            }
          ],
          "value": "The following software releases have been updated to resolve this specific issue: \n\nFor PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: Junos OS 20.4R3-S5, 21.1R3-S4, 21.2R3-S2, 21.3R3, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1, and all subsequent releases.\n\nFor PTX3000, PTX5000, QFX10000: Junos OS 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\n\n"
        }
      ],
      "source": {
        "advisory": "JSA73530",
        "defect": [
          "1650443",
          "1716398"
        ],
        "discovery": "USER"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2023-10-11T16:00:00.000Z",
          "value": "Initial Publication"
        },
        {
          "lang": "en",
          "time": "2023-11-23T17:00:00.000Z",
          "value": "Corrected vendor-advisory reference URL"
        }
      ],
      "title": "Junos OS: PTX Series and QFX10000 Series: Received flow-routes which aren\u0027t installed as the hardware doesn\u0027t support them, lead to an FPC heap memory leak",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eThere are no known workarounds for this issue.\u003c/p\u003e"
            }
          ],
          "value": "There are no known workarounds for this issue.\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-av217"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8cbe9d5a-a066-4c94-8978-4b15efeae968",
    "assignerShortName": "juniper",
    "cveId": "CVE-2023-22392",
    "datePublished": "2023-10-12T22:55:42.016Z",
    "dateReserved": "2022-12-27T16:52:14.098Z",
    "dateUpdated": "2024-08-02T10:07:06.639Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-21666 (GCVE-0-2023-21666)

Vulnerability from cvelistv5 – Published: 2023-05-02 05:08 – Updated: 2024-08-02 09:44
VLAI
Title
Improper Release of Memory Before Removing Last Reference (`Memory Leak`) in Graphics
Summary
Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.
CWE
  • CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')
Assigner
Impacted products
Vendor Product Version
Qualcomm, Inc. Snapdragon Affected: 315 5G IoT Modem
Affected: 9206 LTE Modem
Affected: APQ8017
Affected: AQT1000
Affected: AR8031
Affected: AR8035
Affected: C-V2X 9150
Affected: CSRA6620
Affected: CSRA6640
Affected: CSRB31024
Affected: FastConnect 6200
Affected: FastConnect 6800
Affected: FastConnect 6900
Affected: Flight RB5 5G Platform
Affected: Home Hub 100 Platform
Affected: MDM9250
Affected: MDM9628
Affected: MDM9650
Affected: MSM8108
Affected: MSM8209
Affected: MSM8608
Affected: MSM8909W
Affected: QCA6174
Affected: QCA6174A
Affected: QCA6310
Affected: QCA6320
Affected: QCA6335
Affected: QCA6391
Affected: QCA6420
Affected: QCA6421
Affected: QCA6426
Affected: QCA6430
Affected: QCA6431
Affected: QCA6436
Affected: QCA6564
Affected: QCA6564A
Affected: QCA6564AU
Affected: QCA6574
Affected: QCA6574A
Affected: QCA6574AU
Affected: QCA6595
Affected: QCA6595AU
Affected: QCA6696
Affected: QCA8337
Affected: QCA9367
Affected: QCA9377
Affected: QCA9379
Affected: QCM2290
Affected: QCM4290
Affected: QCM6125
Affected: QCN9011
Affected: QCN9012
Affected: QCN9074
Affected: QCS2290
Affected: QCS410
Affected: QCS4290
Affected: QCS610
Affected: QCS6125
Affected: QCS8155
Affected: QCS8250
Affected: QRB5165M
Affected: QRB5165N
Affected: QSM8250
Affected: Qualcomm 205 Mobile Platform
Affected: Qualcomm 215 Mobile Platform
Affected: Robotics RB3 Platform
Affected: Robotics RB5 Platform
Affected: SA6145P
Affected: SA6150P
Affected: SA6155
Affected: SA6155P
Affected: SA8145P
Affected: SA8150P
Affected: SA8155
Affected: SA8155P
Affected: SA8195P
Affected: SD 675
Affected: SD626
Affected: SD660
Affected: SD670
Affected: SD675
Affected: SD730
Affected: SD835
Affected: SD855
Affected: SD865 5G
Affected: SDM429W
Affected: SDX20M
Affected: SDX55
Affected: SM4125
Affected: SM6250
Affected: SM6250P
Affected: SM7250P
Affected: Smart Audio 200 Platform
Affected: Smart Audio 400 Platform
Affected: Smart Display 200 Platform (APQ5053-AA)
Affected: Snapdragon 1200 Wearable Platform
Affected: Snapdragon 208 Processor
Affected: Snapdragon 210 Processor
Affected: Snapdragon 212 Mobile Platform
Affected: Snapdragon 425 Mobile Platform
Affected: Snapdragon 429 Mobile Platform
Affected: Snapdragon 439 Mobile Platform
Affected: Snapdragon 450 Mobile Platform
Affected: Snapdragon 460 Mobile Platform
Affected: Snapdragon 625 Mobile Platform
Affected: Snapdragon 626 Mobile Platform
Affected: Snapdragon 632 Mobile Platform
Affected: Snapdragon 660 Mobile Platform
Affected: Snapdragon 662 Mobile Platform
Affected: Snapdragon 665 Mobile Platform
Affected: Snapdragon 670 Mobile Platform
Affected: Snapdragon 675 Mobile Platform
Affected: Snapdragon 678 Mobile Platform (SM6150-AC)
Affected: Snapdragon 680 4G Mobile Platform
Affected: Snapdragon 685 4G Mobile Platform (SM6225-AD)
Affected: Snapdragon 690 5G Mobile Platform
Affected: Snapdragon 710 Mobile Platform
Affected: Snapdragon 720G Mobile Platform
Affected: Snapdragon 730 Mobile Platform (SM7150-AA)
Affected: Snapdragon 730G Mobile Platform (SM7150-AB)
Affected: Snapdragon 732G Mobile Platform (SM7150-AC)
Affected: Snapdragon 750G 5G Mobile Platform
Affected: Snapdragon 765 5G Mobile Platform (SM7250-AA)
Affected: Snapdragon 765G 5G Mobile Platform (SM7250-AB)
Affected: Snapdragon 768G 5G Mobile Platform (SM7250-AC)
Affected: Snapdragon 820 Automotive Platform
Affected: Snapdragon 835 Mobile PC Platform
Affected: Snapdragon 845 Mobile Platform
Affected: Snapdragon 855 Mobile Platform
Affected: Snapdragon 855+/860 Mobile Platform (SM8150-AC)
Affected: Snapdragon 865 5G Mobile Platform
Affected: Snapdragon 865+ 5G Mobile Platform (SM8250-AB)
Affected: Snapdragon 870 5G Mobile Platform (SM8250-AC)
Affected: Snapdragon Auto 5G Modem-RF
Affected: Snapdragon Wear 2100 Platform
Affected: Snapdragon Wear 2500 Platform
Affected: Snapdragon Wear 3100 Platform
Affected: Snapdragon Wear 4100+ Platform
Affected: Snapdragon X20 LTE Modem
Affected: Snapdragon X24 LTE Modem
Affected: Snapdragon X5 LTE Modem
Affected: Snapdragon X50 5G Modem-RF System
Affected: Snapdragon X55 5G Modem-RF System
Affected: Snapdragon XR1 Platform
Affected: Snapdragon XR2 5G Platform
Affected: Snapdragon XR2+ Gen 1 Platform
Affected: Snapdragon Auto 4G Modem
Affected: SXR1120
Affected: SXR2130
Affected: Vision Intelligence 100 Platform (APQ8053-AA)
Affected: Vision Intelligence 200 Platform (APQ8053-AC)
Affected: Vision Intelligence 400 Platform
Affected: WCD9326
Affected: WCD9330
Affected: WCD9335
Affected: WCD9340
Affected: WCD9341
Affected: WCD9370
Affected: WCD9371
Affected: WCD9375
Affected: WCD9380
Affected: WCD9385
Affected: WCN3610
Affected: WCN3615
Affected: WCN3620
Affected: WCN3660
Affected: WCN3660B
Affected: WCN3680
Affected: WCN3680B
Affected: WCN3910
Affected: WCN3950
Affected: WCN3980
Affected: WCN3988
Affected: WCN3990
Affected: WCN3999
Affected: WSA8810
Affected: WSA8815
Affected: WSA8830
Affected: WSA8835
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:44:02.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "platforms": [
            "Snapdragon Auto",
            "Snapdragon Compute",
            "Snapdragon Connectivity",
            "Snapdragon Consumer IOT",
            "Snapdragon Industrial IOT",
            "Snapdragon Mobile",
            "Snapdragon Voice \u0026 Music",
            "Snapdragon Wearables"
          ],
          "product": "Snapdragon",
          "vendor": "Qualcomm, Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "315 5G IoT Modem"
            },
            {
              "status": "affected",
              "version": "9206 LTE Modem"
            },
            {
              "status": "affected",
              "version": "APQ8017"
            },
            {
              "status": "affected",
              "version": "AQT1000"
            },
            {
              "status": "affected",
              "version": "AR8031"
            },
            {
              "status": "affected",
              "version": "AR8035"
            },
            {
              "status": "affected",
              "version": "C-V2X 9150"
            },
            {
              "status": "affected",
              "version": "CSRA6620"
            },
            {
              "status": "affected",
              "version": "CSRA6640"
            },
            {
              "status": "affected",
              "version": "CSRB31024"
            },
            {
              "status": "affected",
              "version": "FastConnect 6200"
            },
            {
              "status": "affected",
              "version": "FastConnect 6800"
            },
            {
              "status": "affected",
              "version": "FastConnect 6900"
            },
            {
              "status": "affected",
              "version": "Flight RB5 5G Platform"
            },
            {
              "status": "affected",
              "version": "Home Hub 100 Platform"
            },
            {
              "status": "affected",
              "version": "MDM9250"
            },
            {
              "status": "affected",
              "version": "MDM9628"
            },
            {
              "status": "affected",
              "version": "MDM9650"
            },
            {
              "status": "affected",
              "version": "MSM8108"
            },
            {
              "status": "affected",
              "version": "MSM8209"
            },
            {
              "status": "affected",
              "version": "MSM8608"
            },
            {
              "status": "affected",
              "version": "MSM8909W"
            },
            {
              "status": "affected",
              "version": "QCA6174"
            },
            {
              "status": "affected",
              "version": "QCA6174A"
            },
            {
              "status": "affected",
              "version": "QCA6310"
            },
            {
              "status": "affected",
              "version": "QCA6320"
            },
            {
              "status": "affected",
              "version": "QCA6335"
            },
            {
              "status": "affected",
              "version": "QCA6391"
            },
            {
              "status": "affected",
              "version": "QCA6420"
            },
            {
              "status": "affected",
              "version": "QCA6421"
            },
            {
              "status": "affected",
              "version": "QCA6426"
            },
            {
              "status": "affected",
              "version": "QCA6430"
            },
            {
              "status": "affected",
              "version": "QCA6431"
            },
            {
              "status": "affected",
              "version": "QCA6436"
            },
            {
              "status": "affected",
              "version": "QCA6564"
            },
            {
              "status": "affected",
              "version": "QCA6564A"
            },
            {
              "status": "affected",
              "version": "QCA6564AU"
            },
            {
              "status": "affected",
              "version": "QCA6574"
            },
            {
              "status": "affected",
              "version": "QCA6574A"
            },
            {
              "status": "affected",
              "version": "QCA6574AU"
            },
            {
              "status": "affected",
              "version": "QCA6595"
            },
            {
              "status": "affected",
              "version": "QCA6595AU"
            },
            {
              "status": "affected",
              "version": "QCA6696"
            },
            {
              "status": "affected",
              "version": "QCA8337"
            },
            {
              "status": "affected",
              "version": "QCA9367"
            },
            {
              "status": "affected",
              "version": "QCA9377"
            },
            {
              "status": "affected",
              "version": "QCA9379"
            },
            {
              "status": "affected",
              "version": "QCM2290"
            },
            {
              "status": "affected",
              "version": "QCM4290"
            },
            {
              "status": "affected",
              "version": "QCM6125"
            },
            {
              "status": "affected",
              "version": "QCN9011"
            },
            {
              "status": "affected",
              "version": "QCN9012"
            },
            {
              "status": "affected",
              "version": "QCN9074"
            },
            {
              "status": "affected",
              "version": "QCS2290"
            },
            {
              "status": "affected",
              "version": "QCS410"
            },
            {
              "status": "affected",
              "version": "QCS4290"
            },
            {
              "status": "affected",
              "version": "QCS610"
            },
            {
              "status": "affected",
              "version": "QCS6125"
            },
            {
              "status": "affected",
              "version": "QCS8155"
            },
            {
              "status": "affected",
              "version": "QCS8250"
            },
            {
              "status": "affected",
              "version": "QRB5165M"
            },
            {
              "status": "affected",
              "version": "QRB5165N"
            },
            {
              "status": "affected",
              "version": "QSM8250"
            },
            {
              "status": "affected",
              "version": "Qualcomm 205 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Qualcomm 215 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB3 Platform"
            },
            {
              "status": "affected",
              "version": "Robotics RB5 Platform"
            },
            {
              "status": "affected",
              "version": "SA6145P"
            },
            {
              "status": "affected",
              "version": "SA6150P"
            },
            {
              "status": "affected",
              "version": "SA6155"
            },
            {
              "status": "affected",
              "version": "SA6155P"
            },
            {
              "status": "affected",
              "version": "SA8145P"
            },
            {
              "status": "affected",
              "version": "SA8150P"
            },
            {
              "status": "affected",
              "version": "SA8155"
            },
            {
              "status": "affected",
              "version": "SA8155P"
            },
            {
              "status": "affected",
              "version": "SA8195P"
            },
            {
              "status": "affected",
              "version": "SD 675"
            },
            {
              "status": "affected",
              "version": "SD626"
            },
            {
              "status": "affected",
              "version": "SD660"
            },
            {
              "status": "affected",
              "version": "SD670"
            },
            {
              "status": "affected",
              "version": "SD675"
            },
            {
              "status": "affected",
              "version": "SD730"
            },
            {
              "status": "affected",
              "version": "SD835"
            },
            {
              "status": "affected",
              "version": "SD855"
            },
            {
              "status": "affected",
              "version": "SD865 5G"
            },
            {
              "status": "affected",
              "version": "SDM429W"
            },
            {
              "status": "affected",
              "version": "SDX20M"
            },
            {
              "status": "affected",
              "version": "SDX55"
            },
            {
              "status": "affected",
              "version": "SM4125"
            },
            {
              "status": "affected",
              "version": "SM6250"
            },
            {
              "status": "affected",
              "version": "SM6250P"
            },
            {
              "status": "affected",
              "version": "SM7250P"
            },
            {
              "status": "affected",
              "version": "Smart Audio 200 Platform"
            },
            {
              "status": "affected",
              "version": "Smart Audio 400 Platform"
            },
            {
              "status": "affected",
              "version": "Smart Display 200 Platform (APQ5053-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 1200 Wearable Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 208 Processor"
            },
            {
              "status": "affected",
              "version": "Snapdragon 210 Processor"
            },
            {
              "status": "affected",
              "version": "Snapdragon 212 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 425 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 429 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 439 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 450 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 460 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 625 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 626 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 632 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 660 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 662 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 665 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 670 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 675 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 678 Mobile Platform (SM6150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 680 4G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 685 4G Mobile Platform (SM6225-AD)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 690 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 710 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 720G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730 Mobile Platform (SM7150-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 730G Mobile Platform (SM7150-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 732G Mobile Platform (SM7150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 750G 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765 5G Mobile Platform (SM7250-AA)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 765G 5G Mobile Platform (SM7250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 768G 5G Mobile Platform (SM7250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 820 Automotive Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 835 Mobile PC Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 845 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855 Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 855+/860 Mobile Platform (SM8150-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865 5G Mobile Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon 865+ 5G Mobile Platform (SM8250-AB)"
            },
            {
              "status": "affected",
              "version": "Snapdragon 870 5G Mobile Platform (SM8250-AC)"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 5G Modem-RF"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 2100 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 2500 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 3100 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Wear 4100+ Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon X20 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X24 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X5 LTE Modem"
            },
            {
              "status": "affected",
              "version": "Snapdragon X50 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon X55 5G Modem-RF System"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2 5G Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon XR2+ Gen 1 Platform"
            },
            {
              "status": "affected",
              "version": "Snapdragon Auto 4G Modem"
            },
            {
              "status": "affected",
              "version": "SXR1120"
            },
            {
              "status": "affected",
              "version": "SXR2130"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 100 Platform (APQ8053-AA)"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 200 Platform (APQ8053-AC)"
            },
            {
              "status": "affected",
              "version": "Vision Intelligence 400 Platform"
            },
            {
              "status": "affected",
              "version": "WCD9326"
            },
            {
              "status": "affected",
              "version": "WCD9330"
            },
            {
              "status": "affected",
              "version": "WCD9335"
            },
            {
              "status": "affected",
              "version": "WCD9340"
            },
            {
              "status": "affected",
              "version": "WCD9341"
            },
            {
              "status": "affected",
              "version": "WCD9370"
            },
            {
              "status": "affected",
              "version": "WCD9371"
            },
            {
              "status": "affected",
              "version": "WCD9375"
            },
            {
              "status": "affected",
              "version": "WCD9380"
            },
            {
              "status": "affected",
              "version": "WCD9385"
            },
            {
              "status": "affected",
              "version": "WCN3610"
            },
            {
              "status": "affected",
              "version": "WCN3615"
            },
            {
              "status": "affected",
              "version": "WCN3620"
            },
            {
              "status": "affected",
              "version": "WCN3660"
            },
            {
              "status": "affected",
              "version": "WCN3660B"
            },
            {
              "status": "affected",
              "version": "WCN3680"
            },
            {
              "status": "affected",
              "version": "WCN3680B"
            },
            {
              "status": "affected",
              "version": "WCN3910"
            },
            {
              "status": "affected",
              "version": "WCN3950"
            },
            {
              "status": "affected",
              "version": "WCN3980"
            },
            {
              "status": "affected",
              "version": "WCN3988"
            },
            {
              "status": "affected",
              "version": "WCN3990"
            },
            {
              "status": "affected",
              "version": "WCN3999"
            },
            {
              "status": "affected",
              "version": "WSA8810"
            },
            {
              "status": "affected",
              "version": "WSA8815"
            },
            {
              "status": "affected",
              "version": "WSA8830"
            },
            {
              "status": "affected",
              "version": "WSA8835"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401 Improper Release of Memory Before Removing Last Reference (\u0027Memory Leak\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-04-12T16:28:04.919Z",
        "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
        "shortName": "qualcomm"
      },
      "references": [
        {
          "url": "https://www.qualcomm.com/company/product-security/bulletins/may-2023-bulletin"
        },
        {
          "url": "http://packetstormsecurity.com/files/172664/Qualcomm-Adreno-KGSL-Data-Leakage.html"
        }
      ],
      "title": "Improper Release of Memory Before Removing Last Reference (`Memory Leak`) in Graphics"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
    "assignerShortName": "qualcomm",
    "cveId": "CVE-2023-21666",
    "datePublished": "2023-05-02T05:08:59.157Z",
    "dateReserved": "2022-12-07T02:58:25.874Z",
    "dateUpdated": "2024-08-02T09:44:02.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-20251 (GCVE-0-2023-20251)

Vulnerability from cvelistv5 – Published: 2023-09-27 17:25 – Updated: 2024-08-02 09:05
VLAI
Summary
A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition.
CWE
  • CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
Impacted products
Vendor Product Version
Cisco Cisco Wireless LAN Controller (WLC) Affected: 8.10.162.0
Affected: 8.10.151.0
Affected: 8.10.171.0
Affected: 8.10.170.0
Affected: 8.10.181.0
Affected: 8.10.182.0
Affected: 8.10.183.0
Affected: 8.10.185.0
Create a notification for this product.
Cisco Cisco Mobility Express Affected: 8.10.183.0
Affected: 8.10.162.0
Affected: 8.10.151.0
Affected: 8.10.185.0
Affected: 8.10.171.0
Affected: 8.10.182.0
Affected: 8.10.181.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T09:05:36.727Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "cisco-sa-cbw-dos-YSmbUqX3",
            "tags": [
              "x_transferred"
            ],
            "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-dos-YSmbUqX3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Cisco Wireless LAN Controller (WLC)",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "8.10.162.0"
            },
            {
              "status": "affected",
              "version": "8.10.151.0"
            },
            {
              "status": "affected",
              "version": "8.10.171.0"
            },
            {
              "status": "affected",
              "version": "8.10.170.0"
            },
            {
              "status": "affected",
              "version": "8.10.181.0"
            },
            {
              "status": "affected",
              "version": "8.10.182.0"
            },
            {
              "status": "affected",
              "version": "8.10.183.0"
            },
            {
              "status": "affected",
              "version": "8.10.185.0"
            }
          ]
        },
        {
          "product": "Cisco Mobility Express",
          "vendor": "Cisco",
          "versions": [
            {
              "status": "affected",
              "version": "8.10.183.0"
            },
            {
              "status": "affected",
              "version": "8.10.162.0"
            },
            {
              "status": "affected",
              "version": "8.10.151.0"
            },
            {
              "status": "affected",
              "version": "8.10.185.0"
            },
            {
              "status": "affected",
              "version": "8.10.171.0"
            },
            {
              "status": "affected",
              "version": "8.10.182.0"
            },
            {
              "status": "affected",
              "version": "8.10.181.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot.\r\n\r This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "cvssV3_1"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "cwe"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-25T16:58:32.122Z",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "cisco-sa-cbw-dos-YSmbUqX3",
          "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cbw-dos-YSmbUqX3"
        }
      ],
      "source": {
        "advisory": "cisco-sa-cbw-dos-YSmbUqX3",
        "defects": [
          "CSCwe32125"
        ],
        "discovery": "INTERNAL"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2023-20251",
    "datePublished": "2023-09-27T17:25:25.453Z",
    "dateReserved": "2022-10-27T18:47:50.371Z",
    "dateUpdated": "2024-08-02T09:05:36.727Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-7192 (GCVE-0-2023-7192)

Vulnerability from cvelistv5 – Published: 2024-01-02 19:02 – Updated: 2025-11-20 18:07
VLAI
Title
Kernel: refcount leak in ctnetlink_create_conntrack()
Summary
A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
References
URL Tags
https://access.redhat.com/errata/RHSA-2024:0723 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:0725 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1188 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1250 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1306 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1367 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1382 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:1404 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2006 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2024:2008 vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-7192 vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2256279 issue-trackingx_refsource_REDHAT
https://git.kernel.org/pub/scm/linux/kernel/git/n…
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support Unaffected: 0:4.18.0-193.133.1.el8_2 , < * (rpm)
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:4.18.0-193.133.1.rt13.184.el8_2 , < * (rpm)
    cpe:/a:redhat:rhel_tus:8.2::realtime
    cpe:/a:redhat:rhel_tus:8.2::nfv
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service Unaffected: 0:4.18.0-193.133.1.el8_2 , < * (rpm)
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Unaffected: 0:4.18.0-193.133.1.el8_2 , < * (rpm)
    cpe:/o:redhat:rhel_tus:8.2::baseos
    cpe:/o:redhat:rhel_e4s:8.2::baseos
    cpe:/o:redhat:rhel_aus:8.2::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:4.18.0-305.125.1.rt7.201.el8_4 , < * (rpm)
    cpe:/a:redhat:rhel_tus:8.4::nfv
    cpe:/a:redhat:rhel_tus:8.4::realtime
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Unaffected: 0:4.18.0-305.125.1.el8_4 , < * (rpm)
    cpe:/o:redhat:rhel_e4s:8.4::baseos
    cpe:/o:redhat:rhel_tus:8.4::baseos
    cpe:/o:redhat:rhel_aus:8.4::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support Unaffected: 0:4.18.0-372.95.1.el8_6 , < * (rpm)
    cpe:/o:redhat:rhel_eus:8.6::baseos
    cpe:/a:redhat:rhel_eus:8.6::crb
    cpe:/o:redhat:rhev_hypervisor:4.4::el8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support Unaffected: 0:4.18.0-477.51.1.el8_8 , < * (rpm)
    cpe:/o:redhat:rhel_eus:8.8::baseos
    cpe:/a:redhat:rhel_eus:8.8::crb
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:5.14.0-70.93.2.el9_0 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.0::appstream
    cpe:/a:redhat:rhel_eus:9.0::crb
    cpe:/o:redhat:rhel_eus:9.0::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support Unaffected: 0:5.14.0-70.93.1.rt21.165.el9_0 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.0::nfv
    cpe:/a:redhat:rhel_eus:9.0::realtime
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::crb
    cpe:/a:redhat:rhel_eus:9.2::appstream
    cpe:/o:redhat:rhel_eus:9.2::baseos
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:5.14.0-284.52.1.rt14.337.el9_2 , < * (rpm)
    cpe:/a:redhat:rhel_eus:9.2::nfv
    cpe:/a:redhat:rhel_eus:9.2::realtime
Create a notification for this product.
Red Hat Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 Unaffected: 0:4.18.0-372.95.1.el8_6 , < * (rpm)
    cpe:/o:redhat:rhel_eus:8.6::baseos
    cpe:/a:redhat:rhel_eus:8.6::crb
    cpe:/o:redhat:rhev_hypervisor:4.4::el8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
Create a notification for this product.
Red Hat Red Hat Enterprise Linux 9     cpe:/o:redhat:enterprise_linux:9
Create a notification for this product.
Date Public
2023-02-10 00:00
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T08:57:34.101Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2024:0723",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0723"
          },
          {
            "name": "RHSA-2024:0725",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:0725"
          },
          {
            "name": "RHSA-2024:1188",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1188"
          },
          {
            "name": "RHSA-2024:1250",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1250"
          },
          {
            "name": "RHSA-2024:1306",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1306"
          },
          {
            "name": "RHSA-2024:1367",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1367"
          },
          {
            "name": "RHSA-2024:1382",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1382"
          },
          {
            "name": "RHSA-2024:1404",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:1404"
          },
          {
            "name": "RHSA-2024:2006",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2006"
          },
          {
            "name": "RHSA-2024:2008",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2024:2008"
          },
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2023-7192"
          },
          {
            "name": "RHBZ#2256279",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-7192",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-16T19:33:50.679311Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T19:11:30.973Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-193.133.1.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.2::realtime",
            "cpe:/a:redhat:rhel_tus:8.2::nfv"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-193.133.1.rt13.184.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-193.133.1.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_tus:8.2::baseos",
            "cpe:/o:redhat:rhel_e4s:8.2::baseos",
            "cpe:/o:redhat:rhel_aus:8.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-193.133.1.el8_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-305.125.1.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.4::nfv",
            "cpe:/a:redhat:rhel_tus:8.4::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-305.125.1.rt7.201.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-305.125.1.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_e4s:8.4::baseos",
            "cpe:/o:redhat:rhel_tus:8.4::baseos",
            "cpe:/o:redhat:rhel_aus:8.4::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-305.125.1.el8_4",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.95.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.8::baseos",
            "cpe:/a:redhat:rhel_eus:8.8::crb"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-477.51.1.el8_8",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::appstream",
            "cpe:/a:redhat:rhel_eus:9.0::crb",
            "cpe:/o:redhat:rhel_eus:9.0::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-70.93.2.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.0::nfv",
            "cpe:/a:redhat:rhel_eus:9.0::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-70.93.1.rt21.165.el9_0",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::crb",
            "cpe:/a:redhat:rhel_eus:9.2::appstream",
            "cpe:/o:redhat:rhel_eus:9.2::baseos"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.2::nfv",
            "cpe:/a:redhat:rhel_eus:9.2::realtime"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:5.14.0-284.52.1.rt14.337.el9_2",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:rhel_eus:8.6::baseos",
            "cpe:/a:redhat:rhel_eus:8.6::crb",
            "cpe:/o:redhat:rhev_hypervisor:4.4::el8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
          "vendor": "Red Hat",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "0:4.18.0-372.95.1.el8_6",
              "versionType": "rpm"
            }
          ]
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:7"
          ],
          "defaultStatus": "unknown",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 7",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:8"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 8",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        },
        {
          "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:9"
          ],
          "defaultStatus": "affected",
          "packageName": "kernel-rt",
          "product": "Red Hat Enterprise Linux 9",
          "vendor": "Red Hat"
        }
      ],
      "datePublic": "2023-02-10T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "namespace": "https://access.redhat.com/security/updates/classification/",
              "value": "Moderate"
            },
            "type": "Red Hat severity rating"
          }
        },
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T18:07:32.157Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2024:0723",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0723"
        },
        {
          "name": "RHSA-2024:0725",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:0725"
        },
        {
          "name": "RHSA-2024:1188",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1188"
        },
        {
          "name": "RHSA-2024:1250",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1250"
        },
        {
          "name": "RHSA-2024:1306",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1306"
        },
        {
          "name": "RHSA-2024:1367",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1367"
        },
        {
          "name": "RHSA-2024:1382",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1382"
        },
        {
          "name": "RHSA-2024:1404",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:1404"
        },
        {
          "name": "RHSA-2024:2006",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2006"
        },
        {
          "name": "RHSA-2024:2008",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2024:2008"
        },
        {
          "tags": [
            "vdb-entry",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/security/cve/CVE-2023-7192"
        },
        {
          "name": "RHBZ#2256279",
          "tags": [
            "issue-tracking",
            "x_refsource_REDHAT"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279"
        },
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2023-09-13T00:00:00.000Z",
          "value": "Reported to Red Hat."
        },
        {
          "lang": "en",
          "time": "2023-02-10T00:00:00.000Z",
          "value": "Made public."
        }
      ],
      "title": "Kernel: refcount leak in ctnetlink_create_conntrack()",
      "workarounds": [
        {
          "lang": "en",
          "value": "Triggering this issue requires the ability to create user/net namespaces.\n\nOn non-containerized deployments of Red Hat Enterprise Linux 8, you can disable user namespaces by setting user.max_user_namespaces to 0:\n\n# echo \"user.max_user_namespaces=0\" \u003e /etc/sysctl.d/userns.conf\n# sysctl -p /etc/sysctl.d/userns.conf\n\nOn containerized deployments, such as Red Hat OpenShift Container Platform, do not use this mitigation as the functionality is needed to be enabled.\n\nAlternatively, skip loading the affected netfilter module (i.e., nf_conntrack_netlink) onto the system until we have a fix available. This can be done by a blacklist mechanism which will ensure the driver is not loaded at boot time.\n~~~\nHow do I blacklist a kernel module to prevent it from loading automatically?\nhttps://access.redhat.com/solutions/41278 \n~~~"
        }
      ],
      "x_redhatCweChain": "CWE-401: Missing Release of Memory after Effective Lifetime"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-7192",
    "datePublished": "2024-01-02T19:02:45.371Z",
    "dateReserved": "2023-12-30T18:12:05.167Z",
    "dateUpdated": "2025-11-20T18:07:32.157Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Mitigation MIT-41
Implementation

Strategy: Libraries or Frameworks

  • Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
  • For example, glibc in Linux provides protection against free of invalid pointers.
  • When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
  • To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Mitigation
Architecture and Design

Use an abstraction library to abstract away risky APIs. Not a complete solution.

Mitigation
Architecture and Design Build and Compilation

Consider using the Boehm-Demers-Weiser garbage collector (bdwgc), which can help avoid leaks.

No CAPEC attack patterns related to this CWE.