CVE-2022-22204: Missing Release of Memory after Effective Lifetime in Networks Junos OS

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.4% (top 40.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 20, latest update Jul 21

Description

An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to cause a partial Denial of Service (DoS). On all MX and SRX platforms, if the SIP ALG is enabled, receipt of a specific SIP packet will create a stale SIP entry. Sustained receipt of such packets will cause the SIP call table to eventually fill up and cause a DoS for all SIP

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: juniper_networks/junos_os 20.4 20.4R3-S2 +4
NVD: juniper/junos 5 versions +4

🔴 Vulnerability Details (2)

GHSA: GHSA-gmwx-qv5p-38rc: An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of (2022-07-21)
CVEList: Junos OS: MX Series and SRX Series: When receiving a specific SIP packets stale call table entries are created which eventually leads to a DoS for all SIP traffic (2022-07-20)

💥 Exploits & PoCs (1)

Exploit-DB: ExifTool 12.23 - Arbitrary Code Execution (2022-05-11)

📋 Vendor Advisories (1)

Juniper: CVE-2022-22204: An Improper Release of Memory Before Removing Last Reference vulnerability in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of (2022-07-20)