{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2023-22392",
        "ASSIGNER": "sirt@juniper.net",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "\nA Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nPTX3000, PTX5000, QFX10000, PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs do not support certain flow-routes. Once a flow-route is received over an established BGP session and an attempt is made to install the resulting filter into the PFE, FPC heap memory is leaked. The FPC heap memory can be monitored using the CLI command \"show chassis fpc\".\n\nThe following syslog messages can be observed if the respective filter derived from a flow-route cannot be installed.\n\nexpr_dfw_sfm_range_add:661 SFM packet-length Unable to get a sfm entry for updating the hw\nexpr_dfw_hw_sfm_add:750 Unable to add the filter secondarymatch to the hardware\nexpr_dfw_base_hw_add:52 Failed to add h/w sfm data.\nexpr_dfw_base_hw_create:114 Failed to add h/w data.\nexpr_dfw_base_pfe_inst_create:241 Failed to create base inst for sfilter 0 on PFE 0 for __flowspec_default_inet__\nexpr_dfw_flt_inst_change:1368 Failed to create __flowspec_default_inet__ on PFE 0\nexpr_dfw_hw_pgm_fnum:465 dfw_pfe_inst_old not found for pfe_index 0!\nexpr_dfw_bp_pgm_flt_num:548 Failed to pgm bind-point in hw: generic failure\nexpr_dfw_bp_topo_handler:1102 Failed to program fnum.\nexpr_dfw_entry_process_change:679 Failed to change instance for filter __flowspec_default_inet__.\nThis issue affects Juniper Networks Junos OS:\n\non PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs:\n\n\n\n  *  All versions prior to 20.4R3-S5;\n  *  21.1 versions prior to 21.1R3-S4;\n  *  21.2 versions prior to 21.2R3-S2;\n  *  21.3 versions prior to 21.3R3;\n  *  21.4 versions prior to 21.4R2-S2, 21.4R3;\n  *  22.1 versions prior to 22.1R1-S2, 22.1R2.\n\n\n\n\non PTX3000, PTX5000, QFX10000:\n\n\n\n  *  All versions prior to 20.4R3-S8;\n  *  21.1 version 21.1R1 and later versions;\n  *  21.2 versions prior to 21.2R3-S6;\n  *  21.3 versions prior to 21.3R3-S5;\n  *  21.4 versions prior to 21.4R3-S4;\n  *  22.1 versions prior to 22.1R3-S3\n  *  22.2 versions prior to 22.2R3-S1\n  *  22.3 versions prior to 22.3R2-S2, 22.3R3\n  *  22.4 versions prior to 22.4R2.\n\n\n\n\n\n\n"
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-401 A Missing Release of Memory after Effective Lifetime",
                        "cweId": "CWE-401"
                    }
                ]
            },
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "Denial of Service (DoS)"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Juniper Networks",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Junos OS",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<",
                                            "version_name": "0",
                                            "version_value": "20.4R3-S5"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "21.1",
                                            "version_value": "21.1R3-S4"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "21.2",
                                            "version_value": "21.2R3-S2"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "21.3",
                                            "version_value": "21.3R3"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "21.4",
                                            "version_value": "21.4R2-S2, 21.4R3"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "22.1",
                                            "version_value": "22.1R1-S2, 22.1R2"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "21.1R1",
                                            "version_value": "21.1*"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "22.2",
                                            "version_value": "22.2R3-S1"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "22.3",
                                            "version_value": "22.3R2-S2, 22.3R3"
                                        },
                                        {
                                            "version_affected": "<",
                                            "version_name": "22.4",
                                            "version_value": "22.4R2"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://supportportal.juniper.net/JSA73530",
                "refsource": "MISC",
                "name": "https://supportportal.juniper.net/JSA73530"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.1.0-av217"
    },
    "source": {
        "advisory": "JSA73530",
        "defect": [
            "1650443",
            "1716398"
        ],
        "discovery": "USER"
    },
    "configuration": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>The following configuration is affected by this issue:</p> <tt>[protocols bgp group family flow]</tt>"
                }
            ],
            "value": "The following configuration is affected by this issue:\n\n [protocols bgp group family flow]"
        }
    ],
    "work_around": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>There are no known workarounds for this issue.</p>"
                }
            ],
            "value": "There are no known workarounds for this issue.\n\n"
        }
    ],
    "exploit": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>Juniper SIRT is not aware of any malicious exploitation of this vulnerability.</p>"
                }
            ],
            "value": "Juniper SIRT is not aware of any malicious exploitation of this vulnerability.\n\n"
        }
    ],
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "<p>The following software releases have been updated to resolve this specific issue: </p><p>For PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: Junos OS 20.4R3-S5, 21.1R3-S4, 21.2R3-S2, 21.3R3, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1, and all subsequent releases.</p><p>For PTX3000, PTX5000, QFX10000: Junos OS 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.</p>"
                }
            ],
            "value": "The following software releases have been updated to resolve this specific issue: \n\nFor PTX1000, PTX10002, and PTX10004, PTX10008 and PTX10016 with LC110x FPCs: Junos OS 20.4R3-S5, 21.1R3-S4, 21.2R3-S2, 21.3R3, 21.4R2-S2, 21.4R3, 22.1R1-S2, 22.1R2, 22.2R1, and all subsequent releases.\n\nFor PTX3000, PTX5000, QFX10000: Junos OS 20.4R3-S8, 21.2R3-S6, 21.3R3-S5, 21.4R3-S4, 22.1R3-S3, 22.2R3-S1, 22.3R2-S2, 22.3R3, 22.4R2, 23.2R1, and all subsequent releases.\n\n"
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                "version": "3.1"
            }
        ]
    }
}