How severe is CVE-2022-22153?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-22153?

This is classified as CWE-407, which is a common weakness in software security.

CVE-2022-22153

HIGH Year: 2022

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-407

View all →

Vulnerability Description

An Insufficient Algorithmic Complexity combined with an Allocation of Resources Without Limits or Throttling vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series and MX Series with SPC3 allows an unauthenticated network attacker to cause latency in transit packet processing and even packet loss. If transit traffic includes a significant percentage (> 5%) of fragmented packets which need to be reassembled, high latency or packet drops might be observed. This issue affects Juniper Networks Junos OS on SRX Series, MX Series with SPC3: All versions prior to 18.2R3; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2-S9, 18.4R3; 19.1 versions prior to 19.1R2; 19.2 versions prior to 19.2R1-S1, 19.2R2.

CVE-2016-10396

HIGH

CVSS:7.5(High)

The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable computational-complexity attack when parsing and storing ISAKMP fragments. The implementation permits a remote attacker to exhaus...

CWE-4072016

CVE-2017-11343

HIGH

CVSS:7.5(High)

Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN Scheme up to and including 4.12.0 are vulnerable to an algorithmic complexity attack. An attacker can provide crafted input which, w...

CWE-4072017

CVE-2018-12558

HIGH

CVSS:7.5(High)

The parse() method in the Email::Address module through 1.909 for Perl is vulnerable to Algorithmic complexity on specially prepared input, leading to Denial of Service. Prepared special input that ca...

CWE-4072018

CVE-2019-19331

HIGH

CVSS:7.5(High)

knot-resolver before version 4.3.0 is vulnerable to denial of service through high CPU utilization. DNS replies with very many resource records might be processed very inefficiently, in extreme cases ...

CWE-4072019

CVE-2021-33582

HIGH

CVSS:7.5(High)

Cyrus IMAP before 3.4.2 allows remote attackers to cause a denial of service (multiple-minute daemon hang) via input that is mishandled during hash-table interaction. Because there are many insertions...

CWE-4072021

CVE-2022-40188

HIGH

CVSS:7.5(High)

Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets...

CWE-4072022

CVE-2022-22153

Vulnerability Description

Related Vulnerabilities

CVE-2016-10396

CVE-2017-11343

CVE-2018-12558

CVE-2019-19331

CVE-2021-33582

CVE-2022-40188