CVE-2022-22178: Junos OS: MX and SRX series: Flowd core observed if the SIP ALG is enabled and a specific Session Initiation Protocol (SIP) packet is received
First published: Wed Jan 12 2022(Updated: )
A Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. This issue can be triggered by a specific Session Initiation Protocol (SIP) invite packet if the SIP ALG is enabled. Due to this, the PIC will be rebooted and all traffic that traverses the PIC will be dropped. This issue affects: Juniper Networks Junos OS 20.4 versions prior to 20.4R3-S2; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2; 21.3 versions prior to 21.3R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =20.4-r1 | |
| Juniper JUNOS | =20.4-r1-s1 | |
| Juniper JUNOS | =20.4-r2 | |
| Juniper JUNOS | =20.4-r2-s1 | |
| Juniper JUNOS | =20.4-r2-s2 | |
| Juniper JUNOS | =20.4-r3 | |
| Juniper JUNOS | =20.4-r3-s1 | |
| Juniper JUNOS | =21.1-r1 | |
| Juniper JUNOS | =21.1-r1-s1 | |
| Juniper JUNOS | =21.1-r2 | |
| Juniper JUNOS | =21.2-r1 | |
| Juniper JUNOS | =21.2-r1-s1 | |
| Juniper JUNOS | =21.3-r1 | |
| Juniper Mx10 | ||
| Juniper Mx10000 | ||
| Juniper Mx10003 | ||
| Juniper Mx10008 | ||
| Juniper Mx10016 | ||
| Juniper Mx104 | ||
| Juniper Mx150 | ||
| Juniper Mx2008 | ||
| Juniper Mx2010 | ||
| Juniper Mx2020 | ||
| Juniper Mx204 | ||
| Juniper Mx240 | ||
| Juniper Mx40 | ||
| Juniper Mx480 | ||
| Juniper Mx5 | ||
| Juniper Mx80 | ||
| Juniper Mx960 | ||
| Juniper Srx100 | ||
| Juniper Srx110 | ||
| Juniper Srx1400 | ||
| Juniper Srx1500 | ||
| Juniper Srx210 | ||
| Juniper Srx220 | ||
| Juniper Srx240 | ||
| Juniper Srx240h2 | ||
| Juniper Srx300 | ||
| Juniper Srx320 | ||
| Juniper Srx340 | ||
| Juniper Srx3400 | ||
| Juniper Srx345 | ||
| Juniper Srx3600 | ||
| Juniper Srx380 | ||
| Juniper Srx4000 | ||
| Juniper Srx4100 | ||
| Juniper Srx4200 | ||
| Juniper Srx4600 | ||
| Juniper Srx5000 | ||
| Juniper Srx5400 | ||
| Juniper Srx550 | ||
| Juniper Srx550 Hm | ||
| Juniper Srx550m | ||
| Juniper Srx5600 | ||
| Juniper Srx5800 | ||
| Juniper Srx650 |
Remedy
The following software releases have been updated to resolve this specific issue: 20.4R3-S2, 21.1R2-S1, 21.1R3, 21.2R2, 21.2R3, 21.3R2, 21.4R1, and all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-22178?
CVE-2022-22178 is a Stack-based Buffer Overflow vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on MX Series and SRX series.
How does CVE-2022-22178 impact Juniper Networks Junos OS?
CVE-2022-22178 allows an unauthenticated networked attacker to cause a flowd crash and thereby a Denial of Service (DoS).
What is the severity of CVE-2022-22178?
The severity of CVE-2022-22178 is high, with a severity value of 7.5.
Which versions of Juniper Networks Junos OS are affected by CVE-2022-22178?
Juniper Networks Junos OS versions 20.4-r1 to 21.3-r1 are affected by CVE-2022-22178.
How can I fix CVE-2022-22178?
To fix CVE-2022-22178, it is recommended to update Juniper Networks Junos OS to a version that includes the necessary security patches.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/author
- agent/title
- agent/references
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/20.4-r1
- version/juniper junos/20.4-r1-s1
- version/juniper junos/20.4-r2
- version/juniper junos/20.4-r2-s1
- version/juniper junos/20.4-r2-s2
- version/juniper junos/20.4-r3
- version/juniper junos/20.4-r3-s1
- version/juniper junos/21.1-r1
- version/juniper junos/21.1-r1-s1
- version/juniper junos/21.1-r2
- version/juniper junos/21.2-r1
- version/juniper junos/21.2-r1-s1
- version/juniper junos/21.3-r1
- canonical/juniper mx10
- canonical/juniper mx10000
- canonical/juniper mx10003
- canonical/juniper mx10008
- canonical/juniper mx10016
- canonical/juniper mx104
- canonical/juniper mx150
- canonical/juniper mx2008
- canonical/juniper mx2010
- canonical/juniper mx2020
- canonical/juniper mx204
- canonical/juniper mx240
- canonical/juniper mx40
- canonical/juniper mx480
- canonical/juniper mx5
- canonical/juniper mx80
- canonical/juniper mx960
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx240h2
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx380
- canonical/juniper srx4000
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx4600
- canonical/juniper srx5000
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx550 hm
- canonical/juniper srx550m
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650