CVE Vulnerabilities

CVE-2023-28967

Use of Uninitialized Resource

Published: Apr 17, 2023 | Modified: Apr 27, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A Use of Uninitialized Resource vulnerability in the Border Gateway Protocol (BGP) software of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to send specific genuine BGP packets to a device configured with BGP to cause a Denial of Service (DoS) by crashing the Routing Protocol Daemon (rpd). This issue is triggered when the packets attempt to initiate a BGP connection before a BGP session is successfully established. Continued receipt of these specific BGP packets will cause a sustained Denial of Service condition. This issue is triggerable in both iBGP and eBGP deployments. This issue affects: Juniper Networks Junos OS 21.1 version 21.1R1 and later versions prior to 21.1R3-S5; 21.2 version 21.2R1 and later versions prior to 21.2R3-S2; 21.3 version 21.3R1 and later versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 21.1R1. This issue affects: Juniper Networks Junos OS Evolved 21.1-EVO version 21.1R1-EVO and later versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R3-EVO; 22.2-EVO versions prior to 22.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 21.1R1-EVO.

Weakness

The product uses or accesses a resource that has not been initialized.

Affected Software

Name Vendor Start Version End Version
Junos_os_evolved Juniper 21.1 21.1
Junos_os_evolved Juniper 21.1 21.1
Junos_os_evolved Juniper 21.1 21.1
Junos_os_evolved Juniper 21.1 21.1
Junos_os_evolved Juniper 21.1 21.1
Junos_os_evolved Juniper 21.1 21.1
Junos_os_evolved Juniper 21.1 21.1
Junos_os_evolved Juniper 21.1 21.1
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.2 21.2
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.3 21.3
Junos_os_evolved Juniper 21.4 21.4
Junos_os_evolved Juniper 21.4 21.4
Junos_os_evolved Juniper 21.4 21.4
Junos_os_evolved Juniper 21.4 21.4
Junos_os_evolved Juniper 21.4 21.4
Junos_os_evolved Juniper 21.4 21.4
Junos_os_evolved Juniper 21.4 21.4
Junos_os_evolved Juniper 22.1 22.1
Junos_os_evolved Juniper 22.1 22.1
Junos_os_evolved Juniper 22.1 22.1
Junos_os_evolved Juniper 22.1 22.1
Junos_os_evolved Juniper 22.1 22.1
Junos_os_evolved Juniper 22.2 22.2
Junos_os_evolved Juniper 22.2 22.2

Potential Mitigations

References