VYPR
Unrated severityNVD Advisory· Published Apr 14, 2022· Updated Sep 16, 2024

Junos OS: SRX Series: Denial of service vulnerability in flowd daemon upon receipt of a specific fragmented packet

CVE-2022-22185

Description

A vulnerability in Juniper Networks Junos OS on SRX Series, allows a network-based unauthenticated attacker to cause a Denial of Service (DoS) by sending a specific fragmented packet to the device, resulting in a flowd process crash, which is responsible for packet forwarding. Continued receipt and processing of this specific packet will create a sustained DoS condition. This issue only affects SRX Series when 'preserve-incoming-fragment-size' feature is enabled. This issue affects Juniper Networks Junos OS on SRX Series: 18.3 versions prior to 18.3R3-S6; 18.4 versions prior to 18.4R3-S10; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S4; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3-S2; 20.2 versions prior to 20.2R3-S3; 20.3 versions prior to 20.3R3-S1; 20.4 versions prior to 20.4R3; 21.1 versions prior to 21.1R2-S1, 21.1R3; 21.2 versions prior to 21.2R2. This issue does not affect Juniper Networks Junos OS prior to 17.3R1.

Affected products

2
  • Juniper Networks/Junosllm-fuzzy2 versions
    >=17.3R1, <18.3R3-S6, 18.4 <18.4R3-S10, 19.1 <19.1R3-S7, 19.2 <19.2R3-S4, 19.3 <19.3R3-S4, 19.4 <19.4R3-S6, 20.1 <20.1R3-S2, 20.2 <20.2R3-S3, 20.3 <20.3R3-S1, 20.4 <20.4R3, 21.1 <21.1R2-S1, 21.1R3, 21.2 <21.2R2+ 1 more
    • (no CPE)range: >=17.3R1, <18.3R3-S6, 18.4 <18.4R3-S10, 19.1 <19.1R3-S7, 19.2 <19.2R3-S4, 19.3 <19.3R3-S4, 19.4 <19.4R3-S6, 20.1 <20.1R3-S2, 20.2 <20.2R3-S3, 20.3 <20.3R3-S1, 20.4 <20.4R3, 21.1 <21.1R2-S1, 21.1R3, 21.2 <21.2R2
    • (no CPE)range: unspecified

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.