PT-2023-6696 · Juniper Networks · Junos

Published

2023-07-12

·

Updated

2023-07-27

·

CVE-2023-36838

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions

Juniper Networks Junos OS on SRX Series:
- all versions prior to 20.2R3-S7
- 20.3 versions 20.3R1 and later
- 20.4 versions prior to 20.4R3-S6
- 21.1 versions prior to 21.1R3-S5
- 21.2 versions prior to 21.2R3-S4
- 21.3 versions prior to 21.3R3-S4
- 21.4 versions prior to 21.4R3-S3
- 22.1 versions prior to 22.1R3-S1
- 22.2 versions prior to 22.2R3
- 22.3 versions prior to 22.3R2
- 22.4 versions prior to 22.4R1-S1, 22.4R2
Description

An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). When a low-privileged user executes a specific CLI command, flowd crashes and generates a core dump; forwarding is interrupted until flowd is restarted automatically. Repeated execution of the command produces a sustained DoS. Because the trigger is a CLI command, the attacker needs only a working login, not administrative rights, and the symptom on an affected SRX is a series of flowd core files (listed by show system core-dumps) accompanied by traffic loss.
Recommendations

Update Juniper Networks Junos OS on SRX Series to a fixed release for the installed release train:
- all versions prior to 20.2R3-S7: update to 20.2R3-S7 or later
- 20.3 versions 20.3R1 and later: no fixed 20.3 release is listed; update to a release from a later train that is not affected
- 20.4 versions prior to 20.4R3-S6: update to 20.4R3-S6 or later
- 21.1 versions prior to 21.1R3-S5: update to 21.1R3-S5 or later
- 21.2 versions prior to 21.2R3-S4: update to 21.2R3-S4 or later
- 21.3 versions prior to 21.3R3-S4: update to 21.3R3-S4 or later
- 21.4 versions prior to 21.4R3-S3: update to 21.4R3-S3 or later
- 22.1 versions prior to 22.1R3-S1: update to 22.1R3-S1 or later
- 22.2 versions prior to 22.2R3: update to 22.2R3 or later
- 22.3 versions prior to 22.3R2: update to 22.3R2 or later
- 22.4 versions prior to 22.4R1-S1, 22.4R2: update to 22.4R1-S1, 22.4R2 or later

Until the update is applied, the only temporary mitigation is to limit who can reach the device CLI: the crash requires an authenticated low-privileged user to run a specific CLI command, so every unnecessary login account is an additional way to trigger it.
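Deciding whether a given SRX is affected means comparing its Junos version against the per-train fix boundaries above, and Junos version strings (major.minor, R release, optional -S service release, optional build number) do not compare correctly as plain strings. The following check is an added example, not code from this page, from Juniper, or from the advisory publisher: it parses the version out of `show version` output, reduces it to a comparable tuple, and applies the "prior to" rule from the affected-versions list. The sample `show version` text is constructed, with an invented hostname and model; the function names are this example's own.

```python
"""Check a Junos OS on SRX Series version against the CVE-2023-36838
affected ranges listed in this advisory.

Added example: not Juniper's code and not part of the advisory.
"""
import re

# First fixed release per release train, copied from the Affected Versions
# list above. A version is affected if it is "prior to" that release within
# its own train. None means no fixed release is listed for the train
# (20.3R1 and later are all affected).
FIXED_BY_TRAIN = {
    (20, 2): "20.2R3-S7",
    (20, 3): None,
    (20, 4): "20.4R3-S6",
    (21, 1): "21.1R3-S5",
    (21, 2): "21.2R3-S4",
    (21, 3): "21.3R3-S4",
    (21, 4): "21.4R3-S3",
    (22, 1): "22.1R3-S1",
    (22, 2): "22.2R3",
    (22, 3): "22.3R2",
    (22, 4): "22.4R1-S1",  # 22.4R2 and later are later than this and also fixed
}

# Junos versions look like 21.4R3-S2.1: major.minor, R<release>,
# optional -S<service release>, optional .<build>. The build number is not
# part of any fix boundary on this page, so it is parsed but ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:-S(\d+))?(?:\.(\d+))?$")


def parse_version(version: str) -> tuple[int, int, int, int]:
    """Return (major, minor, release, service) so tuples compare correctly."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Junos version string: {version!r}")
    major, minor, release, service, _build = m.groups()
    return (int(major), int(minor), int(release), int(service or 0))


def is_affected(version: str) -> bool:
    """Apply the advisory's 'prior to' rule to a single version string."""
    v = parse_version(version)
    # "all versions prior to 20.2R3-S7" has no lower bound, so anything
    # older than that boundary (19.x, 20.1, early 20.2) is affected.
    if v < parse_version(FIXED_BY_TRAIN[(20, 2)]):
        return True
    fixed = FIXED_BY_TRAIN.get(v[:2], "")
    if fixed == "":
        return False  # train not named on the page (e.g. 23.x)
    if fixed is None:
        return True  # 20.3 train: no fixed release listed
    return v < parse_version(fixed)


def version_from_show_version(output: str) -> str:
    """Pull the version out of `show version` output via its 'Junos:' line."""
    m = re.search(r"^Junos:\s*(\S+)", output, re.MULTILINE)
    if not m:
        raise ValueError("no 'Junos:' line found in show version output")
    return m.group(1)


# Constructed sample output; hostname and model are invented for the example.
SAMPLE_SHOW_VERSION = """\
Hostname: srx-edge-1
Model: srx345
Junos: 21.4R3-S2.1
JUNOS Software Release [21.4R3-S2.1]
"""

if __name__ == "__main__":
    ver = version_from_show_version(SAMPLE_SHOW_VERSION)
    status = "AFFECTED" if is_affected(ver) else "not affected"
    print(f"Junos {ver}: {status} by CVE-2023-36838")
```

The tuple comparison is what makes the boundary cases come out right: 22.4R1.10 sorts below 22.4R1-S1 (no service release is treated as S0), while 22.4R1-S1.2 and 22.4R2.1 both sort at or above the first fixed 22.4 release and are reported clean. Feed it the real output of `show version` from each SRX rather than typing versions by hand.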

Fix

DoS

Out-of-bounds Read

Weakness Enumeration

Related Identifiers

BDU:2023-07466
CVE-2023-36838

Affected Products

Junos