CVE-2023-28968 — Improperly Controlled Sequential Memory Allocation in Networks Appid Service Sigpack

CWE-1325 — Improperly Controlled Sequential Memory Allocation CWE-770 — Allocation of Resources Without Limits or Throttling4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 48.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Appid Service Sigpack Juniper Networks Jdpi-decoder Engine Juniper Networks Junos OS +3 more

Timeline

PublishedApr 17

Latest updateApr 18

Description

An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead b…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages6 packages

▶CVEListV5juniper_networks/jdpi-decoder_engineunspecified — 5.7.0-47

▶NVDjuniper/jdpi-decoder_engine< 5.7.0-47

▶CVEListV5juniper_networks/appid_service_sigpackunspecified — 1.550.2-31

▶NVDjuniper/appid_service_sigpack< 1.550.2-31

▶CVEListV5juniper_networks/junos_osunspecified — 19.1R3-S10+14

🔴Vulnerability Details

GHSA

GHSA-xghw-5mm2-r3q7: An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application↗2023-04-18

▶

CVEList

Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open↗2023-04-17

▶

📋Vendor Advisories

Juniper

CVE-2023-28968: An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application↗2023-04-17

▶