CVE-2023-22394: Improper Update of Reference Count in Networks Junos OS

Severity: 7.5 HIGH (NVD)
EPSS: 0.4% (top 38.92%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 13

Description

An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platforms allows an attacker to cause a memory leak leading to Denial of Services (DoS). This issue occurs on all MX Series platforms with MS-MPC or MS-MIC card and all SRX Series platforms where SIP ALG is enabled. Successful exploitation of this vulnerability prevents additional SIP calls and applications from succeeding. The SIP ALG needs to be enabl

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | unspecified | 19.3R3-S7 | +10
NVD | juniper/junos | < 19.3 | +11

🔴 Vulnerability Details (2)

GHSA
GHSA-8hr2-28vp-mgr9: An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platf (2023-01-13)
CVEList
Junos OS: SRX Series and MX Series: Memory leak due to receipt of specially crafted SIP calls (2023-01-12)

📋 Vendor Advisories (1)

Juniper
CVE-2023-22394: An Improper Handling of Unexpected Data Type vulnerability in the handling of SIP calls in Juniper Networks Junos OS on SRX Series and MX Series platf (2023-01-13)
CVE-2023-22394 — Improper Update of Reference Count | cvebase