How severe is CVE-2022-22166?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-22166?

This is classified as CWE-1284, which is a common weakness in software security.

CVE-2022-22166 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

An Improper Validation of Specified Quantity in Input vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS allows an unauthenticated networked attacker to cause an rdp crash and thereby a Denial of Service (DoS). If a BGP update message is received over an established BGP session where a BGP SR-TE policy tunnel attribute is malformed and BGP update tracing flag is enabled, the rpd will core. This issue can happen with any BGP session as long as the previous conditions are met. This issue can not propagate as the crash occurs as soon as the malformed update is received. This issue affects Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

Related Vulnerabilities

CVE-2022-2592

MEDIUM

CVSS:6.5(Medium)

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a m...

CWE-12842022

CVE-2022-3411

MEDIUM

CVSS:6.5(Medium)

A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue descript...

CWE-12842022

CVE-2022-4111

MEDIUM

CVSS:6.5(Medium)

Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.

CWE-12842022

CVE-2023-36839

MEDIUM

CVSS:6.5(Medium)

An Improper Validation of Specified Quantity in Input vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent...

CWE-12842023

CVE-2024-24690

MEDIUM

CVSS:6.5(Medium)

Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.

CWE-12842024

CVE-2024-24715

MEDIUM

CVSS:6.5(Medium)

Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0.

CWE-12842024