CVE-2022-22236

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS versions prior to 20.4R3-S4 Juniper Networks Junos OS versions prior to 21.1R3-S2 Juniper Networks Junos OS versions prior to 21.2R3-S2 Juniper Networks Junos OS versions prior to 21.3R2-S2 Juniper Networks Junos OS versions prior to 21.3R3 Juniper Networks Junos OS versions prior to 21.4R1-S2 Juniper Networks Junos OS versions prior to 21.4R2 Juniper Networks Junos OS versions prior to 22.1R1-S1 Juniper Networks Junos OS versions prior to 22.1R2

Description The issue is related to the use of an uninitialized pointer in the SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS. This can be exploited by a remote attacker to cause a denial of service (DoS) by sending specific valid SIP packets, resulting in the crash and restart of the PFE.

Recommendations For versions prior to 20.4R3-S4, update to 20.4R3-S4 or later. For versions prior to 21.1R3-S2, update to 21.1R3-S2 or later. For versions prior to 21.2R3-S2, update to 21.2R3-S2 or later. For versions prior to 21.3R2-S2, update to 21.3R2-S2 or later. For versions prior to 21.3R3, update to 21.3R3 or later. For versions prior to 21.4R1-S2, update to 21.4R1-S2 or later. For versions prior to 21.4R2, update to 21.4R2 or later. For versions prior to 22.1R1-S1, update to 22.1R1-S1 or later. For versions prior to 22.1R2, update to 22.1R2 or later.