An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Juniper Networks | Junos OS | affected |
|
Configuration 1 [-]
| AND |
|
No data.
No data.
Project Subscriptions
| Vendors | Products |
|---|---|
|
Juniper
Subscribe
|
Junos
Subscribe
Mx10
Subscribe
Mx10000
Subscribe
Mx10003
Subscribe
Mx10008
Subscribe
Mx10016
Subscribe
Mx104
Subscribe
Mx150
Subscribe
Mx2008
Subscribe
Mx2010
Subscribe
Mx2020
Subscribe
Mx204
Subscribe
Mx240
Subscribe
Mx40
Subscribe
Mx480
Subscribe
Mx5
Subscribe
Mx80
Subscribe
Mx960
Subscribe
Srx100
Subscribe
Srx110
Subscribe
Srx1400
Subscribe
Srx1500
Subscribe
Srx210
Subscribe
Srx220
Subscribe
Srx240
Subscribe
Srx240h2
Subscribe
Srx240m
Subscribe
Srx300
Subscribe
Srx320
Subscribe
Srx340
Subscribe
Srx3400
Subscribe
Srx345
Subscribe
Srx3600
Subscribe
Srx380
Subscribe
Srx4000
Subscribe
Srx4100
Subscribe
Srx4200
Subscribe
Srx4600
Subscribe
Srx5000
Subscribe
Srx5400
Subscribe
Srx550
Subscribe
Srx550 Hm
Subscribe
Srx550m
Subscribe
Srx5600
Subscribe
Srx5800
Subscribe
Srx650
Subscribe
|
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2022-27383 | An Access of Uninitialized Pointer vulnerability in SIP Application Layer Gateway (ALG) of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When specific valid SIP packets are received the PFE will crash and restart. This issue affects Juniper Networks Junos OS on SRX Series and MX Series: 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S2; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R2-S2, 21.3R3; 21.4 versions prior to 21.4R1-S2, 21.4R2; 22.1 versions prior to 22.1R1-S1, 22.1R2. This issue does not affect Juniper Networks Junos OS versions prior to 20.4R1. |
Fixes
Solution
The following software releases have been updated to resolve this specific issue: 20.4R3-S4, 21.1R3-S2, 21.2R3-S2, 21.3R2-S2, 21.3R3, 21.4R1-S2, 21.4R2, 22.1R1-S1, 22.1R2, 22.2R1, and all subsequent releases.
Workaround
There are no known workarounds for this issue.
References
| Link | Providers |
|---|---|
| https://kb.juniper.net/JSA69892 |
|
History
Sun, 13 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Sat, 10 May 2025 03:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Projects
Sign in to view the affected projects.
MITRE
Status: PUBLISHED
Assigner: juniper
Published:
Updated: 2025-05-10T02:37:41.505Z
Reserved: 2021-12-21T00:00:00.000Z
Link: CVE-2022-22236
Vulnrichment
Updated: 2024-08-03T03:07:49.874Z
NVD
Status : Modified
Published: 2022-10-18T03:15:10.603
Modified: 2024-11-21T06:46:27.443
Link: CVE-2022-22236
Redhat
No data.
OpenCVE Enrichment
No data.
Weaknesses