PT-2023-2549 · Juniper Networks · Junos

Published 2023-01-11 · Updated 2023-01-24 · CVE-2023-22411

CVSS v2.0

7.8 High

Vector AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on SRX Series versions 19.2 through 19.2R3-S6
Juniper Networks Junos OS on SRX Series versions 19.3 through 19.3R3-S6
Juniper Networks Junos OS on SRX Series versions 19.4 through 19.4R3-S9
Juniper Networks Junos OS on SRX Series versions 20.2 through 20.2R3-S5
Juniper Networks Junos OS on SRX Series versions 20.3 through 20.3R3-S4
Juniper Networks Junos OS on SRX Series versions 20.4 through 20.4R3-S3
Juniper Networks Junos OS on SRX Series versions 21.1 through 21.1R3
Juniper Networks Junos OS on SRX Series versions 21.2 through 21.2R3
Juniper Networks Junos OS on SRX Series versions 21.3 through 21.3R2
Juniper Networks Junos OS on SRX Series versions 21.4 through 21.4R2

Description

An Out-of-Bounds Write issue in the Flow Processing Daemon (flowd) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On SRX Series devices using Unified Policies with IPv6, when a specific IPv6 packet goes through a dynamic-application filter which will generate an ICMP deny message, the flowd core is observed and the PFE is restarted.

Recommendations

For Juniper Networks Junos OS on SRX Series versions 19.2 through 19.2R3-S6, update to version 19.2R3-S6 or later.
For Juniper Networks Junos OS on SRX Series versions 19.3 through 19.3R3-S6, update to version 19.3R3-S6 or later.
For Juniper Networks Junos OS on SRX Series versions 19.4 through 19.4R3-S9, update to version 19.4R3-S9 or later.
For Juniper Networks Junos OS on SRX Series versions 20.2 through 20.2R3-S5, update to version 20.2R3-S5 or later.
For Juniper Networks Junos OS on SRX Series versions 20.3 through 20.3R3-S4, update to version 20.3R3-S4 or later.
For Juniper Networks Junos OS on SRX Series versions 20.4 through 20.4R3-S3, update to version 20.4R3-S3 or later.
For Juniper Networks Junos OS on SRX Series versions 21.1 through 21.1R3, update to version 21.1R3 or later.
For Juniper Networks Junos OS on SRX Series versions 21.2 through 21.2R3, update to version 21.2R3 or later.
For Juniper Networks Junos OS on SRX Series versions 21.3 through 21.3R2, update to version 21.3R2 or later.
For Juniper Networks Junos OS on SRX Series versions 21.4 through 21.4R2, update to version 21.4R2 or later.

Fix

DoS

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2023-02356
CVE-2023-22411

Affected Products

Junos