CVE-2023-22416

Summary

A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on SRX Series.

Affected Software

VendorProductVersion RangeStatus
Juniper NetworksJunos OSunspecified < 20.4R1unaffected
Juniper NetworksJunos OS20.4 < 20.4R3-S5affected
Juniper NetworksJunos OS21.1 < 21.1R3-S4affected
Juniper NetworksJunos OS21.2 < 21.2R3-S2affected
Juniper NetworksJunos OS21.3 < 21.3R3-S1affected
Juniper NetworksJunos OS21.4 < 21.4R3affected
Juniper NetworksJunos OS22.1 < 22.1R1-S2, 22.1R2affected
Juniper NetworksJunos OS22.2 < 22.2R1-S1, 22.2R2affected

Weaknesses

  • CWE-120: CWE-120 Buffer Overflow
  • Denial of Service (DoS)

Workarounds

There are no known workarounds for this issue, but it should be considered to disable the SIP ALG if it's not strictly needed.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References