How severe is CVE-2022-22175?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-22175?

This is classified as CWE-667, which is a common weakness in software security.

CVE-2022-22175

HIGH Year: 2022

CVSS v3 Score

7.5

High

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-667

View all →

Vulnerability Description

An Improper Locking vulnerability in the SIP ALG of Juniper Networks Junos OS on MX Series and SRX Series allows an unauthenticated networked attacker to cause a flowprocessing daemon (flowd) crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can occur in a scenario where the SIP ALG is enabled and specific SIP messages are being processed simultaneously. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S1; 21.1 versions prior to 21.1R2-S2, 21.1R3; 21.2 versions prior to 21.2R1-S2, 21.2R2; 21.3 versions prior to 21.3R1-S1, 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.

CVE-2002-1850

HIGH

CVSS:7.5(High)

mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data t...

CWE-6672002

CVE-2004-0174

HIGH

CVSS:7.5(High)

Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "s...

CWE-6672004

CVE-2006-2275

HIGH

CVSS:7.5(High)

Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickl...

CWE-6672006

CVE-2006-5158

HIGH

CVSS:7.5(High)

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified ve...

CWE-6672006

CVE-2009-2699

HIGH

CVSS:7.5(High)

The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products,...

CWE-6672009

CVE-2009-4272

HIGH

CVSS:7.5(High)

A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that fo...

CWE-6672009

CVE-2022-22175

Vulnerability Description

Related Vulnerabilities

CVE-2002-1850

CVE-2004-0174

CVE-2006-2275

CVE-2006-5158

CVE-2009-2699

CVE-2009-4272