CVE-2022-22198

Summary

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 20.4R1unaffected
Juniper NetworksJunos OS20.4 < 20.4R3affected
Juniper NetworksJunos OS21.1 < 21.1R2-S1, 21.1R3affected
Juniper NetworksJunos OS21.2 < 21.2R2affected

Weaknesses

  • CWE-824: CWE-824 Access of Uninitialized Pointer
  • Denial of Service (DoS)

Workarounds

There are no viable workarounds for this issue, but it should be considered to disable the SIP ALG if it's not strictly needed.

ADP Enrichment

CVE Program Container

Additional References

References