CVE-2022-22236Access of Uninitialized Pointer in Networks Junos OS

CWE-824Access of Uninitialized Pointer4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 36.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 18

Description

An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions pr

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5juniper_networks/junos_os20.420.4R3-S4+5
NVDjuniper/junos6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-xp87-wp3m-6ppw: An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allow2022-10-18
CVEList
Junos OS: SRX Series and MX Series: When specific valid SIP packets are received the PFE will crash2022-10-18

📋Vendor Advisories

1
Juniper
CVE-2022-22236: An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allow2022-10-18
CVE-2022-22236 — Access of Uninitialized Pointer | cvebase