CVE-2022-22198: Access of Uninitialized Pointer in Juniper Networks Junos OS

Severity: 7.5 HIGH (NVD)
EPSS: 0.5% (top 33.13%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Apr 14
Latest update: Apr 15

Description

An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a Denial of Service (DoS). Continued receipt of these specific packets will cause a sustained Denial of Service condition. On all MX and SRX platforms, if the SIP ALG is enabled, an MS-MPC or MS-MIC, or SPC will crash if it receives a SIP message with a specific contact header format. This issue affects Juniper Networks Junos OS on MX Series and S

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os 20.4 20.4R3 +2
NVD: juniper/junos 20.4, 21.1, 21.2 +2

🔴 Vulnerability Details (2)

GHSA (2022-04-15)
GHSA-xwh6-w3pq-2jj3: An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause
CVEList (2022-04-14)
Junos OS: MX MS-MPC or MS-MIC, or SRX SPC crashes if it receives a SIP message with a specific contact header format

📋 Vendor Advisories (1)

Juniper (2022-04-14)
CVE-2022-22198: An Access of Uninitialized Pointer vulnerability in the SIP ALG of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause