CVE-2023-44204

CVSS V2 None CVSS V3 None

Description

An Improper Validation of Syntactic Correctness of Input vulnerability in Routing Protocol Daemon (rpd) Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). When a malformed BGP UPDATE packet is received over an established BGP session, the rpd crashes and restarts. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * 21.4 versions prior to 21.4R3-S4; * 22.1 versions prior to 22.1R3-S3; * 22.2 versions prior to 22.2R3-S2; * 22.3 versions prior to 22.3R2-S2, 22.3R3; * 22.4 versions prior to 22.4R2-S1, 22.4R3; * 23.2 versions prior to 23.2R1, 23.2R2; Juniper Networks Junos OS Evolved * 21.4 versions prior to 21.4R3-S5-EVO; * 22.1 versions prior to 22.1R3-S3-EVO; * 22.2 versions prior to 22.2R3-S3-EVO; * 22.3 versions prior to 22.3R2-S2-EVO; * 22.4 versions prior to 22.4R3-EVO; * 23.2 versions prior to 23.2R2-EVO;

Overview

CVE ID
CVE-2023-44204

Assigner
juniper

Vulnerability Status
PUBLISHED

Published Version
2023-10-12T23:06:37.422Z

Last Modified Date
2023-10-12T23:06:37.422Z

Weakness Enumerations

CWE	URL
CWE-1286	http://cwe.mitre.org/data/definitions/1286.html

References

Reference URL	Reference Tags
https://supportportal.juniper.net/JSA73170	vendor-advisory

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-44204
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44204

History

Created	Old Value	New Value	Data Type	Notes
2024-06-25 12:35:37				Added to TrackCVE