CVE-2022-22185

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on SRX Series versions 18.3 through 18.3R3-S6 Juniper Networks Junos OS on SRX Series versions 18.4 through 18.4R3-S10 Juniper Networks Junos OS on SRX Series versions 19.1 through 19.1R3-S7 Juniper Networks Junos OS on SRX Series versions 19.2 through 19.2R3-S4 Juniper Networks Junos OS on SRX Series versions 19.3 through 19.3R3-S4 Juniper Networks Junos OS on SRX Series versions 19.4 through 19.4R3-S6 Juniper Networks Junos OS on SRX Series versions 20.1 through 20.1R3-S2 Juniper Networks Junos OS on SRX Series versions 20.2 through 20.2R3-S3 Juniper Networks Junos OS on SRX Series versions 20.3 through 20.3R3-S1 Juniper Networks Junos OS on SRX Series versions 20.4 through 20.4R3 Juniper Networks Junos OS on SRX Series versions 21.1 through 21.1R2-S1, 21.1R3 Juniper Networks Junos OS on SRX Series versions 21.2 through 21.2R2

Description The issue is related to insufficient exception handling in Juniper Networks Junos OS on SRX Series devices, allowing a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device. This results in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sustained DoS condition. This issue only affects SRX Series when the 'preserve-incoming-fragment-size' feature is enabled.

Recommendations For versions 18.3 through 18.3R3-S6, update to version 18.3R3-S6 or later. For versions 18.4 through 18.4R3-S10, update to version 18.4R3-S10 or later. For versions 19.1 through 19.1R3-S7, update to version 19.1R3-S7 or later. For versions 19.2 through 19.2R3-S4, update to version 19.2R3-S4 or later. For versions 19.3 through 19.3R3-S4, update to version 19.3R3-S4 or later. For versions 19.4 through 19.4R3-S6, update to version 19.4R3-S6 or later. For versions 20.1 through 20.1R3-S2, update to version 20.1R3-S2 or later. For versions 20.2 through 20.2R3-S3, update to version 20.2R3-S3 or later. For versions 20.3 through 20.3R3-S1, update to version 20.3R3-S1 or later. For versions 20.4 through 20.4R3, update to version 20.4R3 or later. For versions 21.1 through 21.1R2-S1, 21.1R3, update to version 21.1R3 or later. For versions 21.2 through 21.2R2, update to version 21.2R2 or later. As a temporary workaround, consider disabling the 'preserve-incoming-fragment-size' feature until a patch is available.