CVE-2023-22416

Name of the Vulnerable Software and Affected Versions Juniper Networks Junos OS on MX Series and SRX Series versions prior to 20.4R3-S5 Juniper Networks Junos OS on MX Series and SRX Series versions prior to 21.1R3-S4 Juniper Networks Junos OS on MX Series and SRX Series versions prior to 21.2R3-S2 Juniper Networks Junos OS on MX Series and SRX Series versions prior to 21.3R3-S1 Juniper Networks Junos OS on MX Series and SRX Series versions prior to 21.4R3 Juniper Networks Junos OS on MX Series and SRX Series versions prior to 22.1R1-S2, 22.1R2 Juniper Networks Junos OS on MX Series and SRX Series versions prior to 22.2R1-S1, 22.2R2

Description The issue is caused by a buffer overflow on the stack in the SIP ALG of Juniper Networks Junos OS, allowing a remote attacker to cause a Denial of Service (DoS). When a malformed SIP packet is received on MX Series and SRX Series platforms with SIP ALG enabled, the flow processing daemon (flowd) will crash and restart.

Recommendations For versions prior to 20.4R3-S5, update to 20.4R3-S5 or later. For versions prior to 21.1R3-S4, update to 21.1R3-S4 or later. For versions prior to 21.2R3-S2, update to 21.2R3-S2 or later. For versions prior to 21.3R3-S1, update to 21.3R3-S1 or later. For versions prior to 21.4R3, update to 21.4R3 or later. For versions prior to 22.1R1-S2, 22.1R2, update to 22.1R1-S2, 22.1R2 or later. For versions prior to 22.2R1-S1, 22.2R2, update to 22.2R1-S1, 22.2R2 or later.