CVE-2023-44197

Name of the Vulnerable Software and Affected Versions Junos OS versions prior to 20.4R3-S8 Junos OS versions 21.1R1 and later versions Junos OS versions prior to 21.2R3-S2 Junos OS versions prior to 21.3R3-S5 Junos OS versions prior to 21.4R2-S1, 21.4R3-S5 Junos OS Evolved versions prior to 20.4R3-S8-EVO Junos OS Evolved versions 21.1R1-EVO and later versions Junos OS Evolved versions prior to 21.2R3-S2-EVO Junos OS Evolved version 21.3R1-EVO and later versions Junos OS Evolved versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO

Description An Out-of-Bounds Write issue in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). This issue is observed when processing BGP route updates received over an established BGP session, specifically for BGP routes learned via a peer configured with a BGP import policy that has hundreds of terms matching IPv4 and/or IPv6 prefixes.

Recommendations For Junos OS versions prior to 20.4R3-S8, update to version 20.4R3-S8 or later. For Junos OS versions 21.1R1 and later versions, update to a version that includes the fix for this issue. For Junos OS versions prior to 21.2R3-S2, update to version 21.2R3-S2 or later. For Junos OS versions prior to 21.3R3-S5, update to version 21.3R3-S5 or later. For Junos OS versions prior to 21.4R2-S1, 21.4R3-S5, update to version 21.4R2-S1 or 21.4R3-S5 or later. For Junos OS Evolved versions prior to 20.4R3-S8-EVO, update to version 20.4R3-S8-EVO or later. For Junos OS Evolved versions 21.1R1-EVO and later versions, update to a version that includes the fix for this issue. For Junos OS Evolved versions prior to 21.2R3-S2-EVO, update to version 21.2R3-S2-EVO or later. For Junos OS Evolved version 21.3R1-EVO and later versions, update to a version that includes the fix for this issue. For Junos OS Evolved versions prior to 21.4R2-S1-EVO, 21.4R3-S5-EVO, update to version 21.4R2-S1-EVO or 21.4R3-S5-EVO or later.