Juniper Junos OS: 2023-01 Security Bulletin: Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if SIP ALG is enabled and a malformed SIP packet is received (JSA70212) (CVE-2023-22416)

Juniper Junos OS: 2023-01 Security Bulletin: Junos OS: MX Series and SRX Series: The flow processing daemon (flowd) will crash if SIP ALG is enabled and a malformed SIP packet is received (JSA70212) (CVE-2023-22416)

Severity

5

CVSS

(AV:N/AC:L/Au:N/C:N/I:N/A:P)

Published

01/13/2023

Created

03/23/2023

Added

03/22/2023

Modified

12/06/2023

Description

A Buffer Overflow vulnerability in SIP ALG of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On all MX Series and SRX Series platform with SIP ALG enabled, when a malformed SIP packet is received, the flow processing daemon (flowd) will crash and restart. This issue affects: Juniper Networks Junos OS on MX Series and SRX Series 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R1-S1, 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1 on SRX Series.

Solution(s)

• juniper-junos-os-upgrade-latest

References

• https://attackerkb.com/topics/cve-2023-22416
• CVE - 2023-22416
• JSA70212