CVSSv3: 5.3

CVE-2023-28968

Published: 17/04/2023 Updated: 27/04/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices stops the JDPI-Decoder from identifying dynamic application traffic. An unauthenticated, network-based attacker can send traffic to the target device through the JDPI-Decoder, which is designed to inspect dynamic application traffic and take action on it, so that the decoder instead stops taking action and passes the traffic through.

An example session can be seen by running the following command and evaluating the output:

    user@device# run show security flow session source-prefix <address/mask> extensive
    Session ID: <session ID>, Status: Normal, State: Active
    Policy name: <name of policy>
    Dynamic application: junos:UNKNOWN,    <<<<< LOOK HERE

Please note that the JDPI-Decoder and the AppID SigPack are both affected, and both must be upgraded along with the operating system to address the matter. By default, none of these components is auto-enabled for automatic updates.

This issue affects Juniper Networks JDPI-Decoder Engine, any version prior to 5.7.0-47, with the JDPI-Decoder enabled and using any version of the AppID SigPack prior to 1.550.2-31 (SigPack 3533), on Junos OS on SRX Series:

    All versions before 19.1R3-S10;
    19.2 versions before 19.2R3-S7;
    19.3 versions before 19.3R3-S8;
    19.4 versions before 19.4R3-S11;
    20.1 version 20.1R1 and later versions before 20.2R3-S7;
    20.3 version 20.3R1 and later versions before 20.4R3-S6;
    21.1 versions before 21.1R3-S5;
    21.2 versions before 21.2R3-S4;
    21.3 versions before 21.3R3-S3;
    21.4 versions before 21.4R3-S3;
    22.1 versions before 22.1R3-S1;
    22.2 versions before 22.2R2-S1, 22.2R3;
    22.3 versions before 22.3R1-S2, 22.3R2.
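The advisory's check is manual: run the flow-session command and look for sessions whose dynamic application is junos:UNKNOWN. The script below is an added example (not Juniper's code and not part of the original advisory) that automates that check over captured command output. The sample output is constructed for this example and only mirrors the three fields the advisory quotes (Session ID, Policy name, Dynamic application); real "extensive" output carries many more lines, which the parser ignores.

```python
import re

# Constructed sample output, modelled on the fields the advisory quotes from
# "run show security flow session source-prefix <address/mask> extensive".
# It is NOT real SRX output; only the three quoted fields are reproduced.
SAMPLE_OUTPUT = """\
Session ID: 1001, Status: Normal, State: Active
  Policy name: trust-to-untrust/4
  Dynamic application: junos:HTTP,
Session ID: 1002, Status: Normal, State: Active
  Policy name: trust-to-untrust/4
  Dynamic application: junos:UNKNOWN,
Session ID: 1003, Status: Normal, State: Active
  Policy name: trust-to-untrust/7
  Dynamic application: junos:UNKNOWN,
Total sessions: 3
"""

SESSION_RE = re.compile(r"\s*Session ID:\s*(\d+)")
POLICY_RE = re.compile(r"\s*Policy name:\s*(\S.*?)\s*$")
DYNAPP_RE = re.compile(r"\s*Dynamic application:\s*([^,\s]+)")


def parse_sessions(text):
    """Split flow-session output into one dict per session.

    Each 'Session ID:' line starts a new record; the 'Policy name:' and
    'Dynamic application:' lines that follow are attached to that record.
    Unrelated lines (counters, timeouts, totals) are skipped.
    """
    sessions = []
    current = None
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if m:
            current = {"id": int(m.group(1)), "policy": None, "dynamic_app": None}
            sessions.append(current)
            continue
        if current is None:
            continue
        m = POLICY_RE.match(line)
        if m:
            current["policy"] = m.group(1)
            continue
        m = DYNAPP_RE.match(line)
        if m:
            current["dynamic_app"] = m.group(1)
    return sessions


def unknown_app_sessions(sessions):
    """Sessions the JDPI-Decoder failed to classify (the advisory's marker)."""
    return [s for s in sessions if s["dynamic_app"] == "junos:UNKNOWN"]


def unknown_ratio(sessions):
    """Share of sessions left as junos:UNKNOWN; 0.0 when there are none."""
    if not sessions:
        return 0.0
    return len(unknown_app_sessions(sessions)) / len(sessions)


if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE_OUTPUT)
    for s in unknown_app_sessions(parsed):
        print(f"session {s['id']} under policy {s['policy']}: {s['dynamic_app']}")
    print(f"unknown share: {unknown_ratio(parsed):.0%}")
```

A single junos:UNKNOWN session is not by itself evidence of this issue, since AppID also reports UNKNOWN for traffic it has no signature for. The useful signal is the share of UNKNOWN sessions compared with the device's normal baseline, which is why the script reports a ratio rather than just matching lines; the durable fix remains upgrading Junos OS, the JDPI-Decoder and the SigPack to the versions listed above.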


Vulnerable Products

juniper appid_service_sigpack

juniper jdpi-decoder_engine

juniper junos 19.1

juniper junos 19.2

juniper junos 19.3

juniper junos 19.4

juniper junos 20.1

juniper junos 20.2

juniper junos 20.3

juniper junos 20.4

juniper junos 21.1

juniper junos 21.2

juniper junos 21.3

juniper junos 21.4

juniper junos 22.1

juniper junos 22.2

juniper junos 22.3