CVE-2022-22198
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and SRX Series: 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect versions prior to 20.4R1.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Juniper Networks | Junos OS | unspecified < 20.4R1 | unaffected |
| Juniper Networks | Junos OS | 20.4 < 20.4R3 | affected |
| Juniper Networks | Junos OS | 21.1 < 21.1R2-S1, 21.1R3 | affected |
| Juniper Networks | Junos OS | 21.2 < 21.2R2 | affected |
Weaknesses
- CWE-824: CWE-824 Access of Uninitialized Pointer
- Denial of Service (DoS)
Workarounds
There are no viable workarounds for this issue, but it should be considered to disable the SIP ALG if it's not strictly needed.
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.