{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-22235","assignerOrgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","assignerShortName":"juniper","datePublished":"2022-10-18T02:46:37.181Z","dateUpdated":"2025-05-10T02:39:23.740Z","dateReserved":"2021-12-21T00:00:00.000Z"},"containers":{"cna":{"title":"Junos OS: SRX Series: A flowd core will be observed when malformed GPRS traffic is processed","datePublic":"2022-10-12T00:00:00.000Z","providerMetadata":{"orgId":"8cbe9d5a-a066-4c94-8978-4b15efeae968","shortName":"juniper","dateUpdated":"2022-10-18T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based, attacker to cause Denial of Service (DoS). A PFE crash will happen when a GPRS Tunnel Protocol (GTP) packet is received with a malformed field in the IP header of GTP encapsulated General Packet Radio Services (GPRS) traffic. The packet needs to match existing state which is outside the attackers control, so the issue cannot be directly exploited. The issue will only be observed when endpoint address validation is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S4; 20.4 versions prior to 20.4R3-S3; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.2R1."}],"affected":[{"vendor":"Juniper Networks","product":"Junos OS","versions":[{"version":"unspecified","lessThan":"20.2R1","status":"unaffected","versionType":"custom"},{"version":"20.2","status":"affected","lessThan":"20.2R3-S5","versionType":"custom"},{"version":"20.3","status":"affected","lessThan":"20.3R3-S4","versionType":"custom"},{"version":"20.4","status":"affected","lessThan":"20.4R3-S3","versionType":"custom"},{"version":"21.1","status":"affected","lessThan":"21.1R3-S2","versionType":"custom"},{"version":"21.2","status":"affected","lessThan":"21.2R3-S1","versionType":"custom"},{"version":"21.3","status":"affected","lessThan":"21.3R3","versionType":"custom"},{"version":"21.4","status":"affected","lessThan":"21.4R1-S2, 21.4R2","versionType":"custom"},{"version":"22.1","status":"affected","lessThan":"22.1R1-S1, 22.1R2","versionType":"custom"}],"platforms":["SRX Series"]}],"references":[{"url":"https://kb.juniper.net/JSA69891"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.9,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-754 Improper Check for Unusual or Exceptional Conditions","cweId":"CWE-754"}]},{"descriptions":[{"type":"text","lang":"en","description":"Denial of Service (DoS)"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"advisory":"JSA69891","defect":["1634396"],"discovery":"USER"},"configurations":[{"lang":"en","value":"A device can only be affected by this vulnerability if the following configuration is present:\n\n  [security gtp profile <profile> end-user-address-validated]"}],"workarounds":[{"lang":"en","value":"This issue can be temporarily mitigated by disabling the end-point-address-validated security feature."}],"exploits":[{"lang":"en","value":"Juniper SIRT is not aware of any malicious exploitation of this vulnerability."}],"solutions":[{"lang":"en","value":"The following software releases have been updated to resolve this specific issue: 20.2R3-S5, 20.3R3-S4, 20.4R3-S3, 21.1R3-S2, 21.2R3-S1, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, and all subsequent releases."}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T03:07:50.210Z"},"title":"CVE Program Container","references":[{"url":"https://kb.juniper.net/JSA69891","tags":["x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-05-10T02:39:07.676351Z","id":"CVE-2022-22235","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-05-10T02:39:23.740Z"}}]}}