Juniper Networks Junos OS SIP ALG Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the Session Initiation Protocol (SIP) Application Layer Gateway (ALG) of Juniper Networks Junos OS. This issue affects MX Series and SRX Series devices. The vulnerability arises from a buffer copy operation that does not properly check the size of the input. An unauthenticated, network-based attacker can exploit this vulnerability by sending specific SIP packets during periods of high memory utilization, causing the flowd process to crash. Although the system automatically recovers, this disruption can significantly affect service stability. Furthermore, continuous transmission of these SIP packets under similar conditions can lead to a sustained denial-of-service state.

Impact

Exploitation of this vulnerability causes the flowd process to crash, disrupting services and potentially leading to a sustained denial-of-service condition if specific SIP packets are continuously received during periods of high memory utilization.

Remediation

Users can refer to the Juniper Support Portal for guidance on updating to versions 22.4R3-S7, 23.2R2-S4, 23.4R2-S5, or 24.2R2, where this vulnerability is addressed.
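
For triaging a device inventory against the fixed releases listed above, the following is an added example, not code from Juniper or from this page. It assumes releases within one train are ordered by their R and S numbers; the hostnames and versions in the sample are constructed.

```python
import re

# Fixed releases from the Remediation section, keyed by release train.
FIXED = {
    "22.4": (3, 7),   # 22.4R3-S7
    "23.2": (2, 4),   # 23.2R2-S4
    "23.4": (2, 5),   # 23.4R2-S5
    "24.2": (2, 0),   # 24.2R2
}

# Matches standard release strings such as 22.4R3-S7 or 23.2R2-S4.1.
VERSION_RE = re.compile(r"^(\d+\.\d+)R(\d+)(?:-S(\d+))?(?:\.\d+)?$")


def classify(version):
    """Return 'fixed', 'before-fix' or 'unknown' for one Junos version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unknown"      # unparsed formats (e.g. X-releases): review manually
    train, r, s = m.group(1), int(m.group(2)), int(m.group(3) or 0)
    if train not in FIXED:
        return "unknown"      # the page lists no fixed release for this train
    # Assumption: within a train, (R, S) tuples order releases chronologically.
    return "fixed" if (r, s) >= FIXED[train] else "before-fix"


def triage(inventory):
    """Map {hostname: version} to {hostname: status}."""
    return {host: classify(ver) for host, ver in inventory.items()}


# Constructed sample inventory (illustrative hostnames and versions only).
SAMPLE = {
    "srx-edge-01": "22.4R3-S6.2",
    "srx-edge-02": "22.4R3-S7",
    "mx-core-01": "23.2R2-S4.1",
    "mx-core-02": "23.4R2",
    "srx-lab-01": "24.2R1-S2",
    "srx-lab-02": "21.4R3-S9",
    "srx-old-01": "15.1X49-D100",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host:12} {SAMPLE[host]:14} {status}")
```

Devices reported as unknown are on a train for which this page gives no fixed release and should be checked against the Juniper Support Portal.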

Added: Oct 9, 2025, 4:32 PM
Updated: Oct 9, 2025, 4:32 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 2.5
exploitability: 5.9
remediation: 7.7
relevance: 0.7
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.