Juniper Junos OS: 2023-04 Security Bulletin: Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open (JSA70592) (CVE-2023-28968)

An Improperly Controlled Sequential Memory Allocation vulnerability in the Juniper Networks Deep Packet Inspection-Decoder (JDPI-Decoder) Application Signature component of Junos OS's AppID service on SRX Series devices will stop the JDPI-Decoder from identifying dynamic application traffic, allowing an unauthenticated network-based attacker to send traffic to the target device using the JDPI-Decoder, designed to inspect dynamic application traffic and take action upon this traffic, to instead begin to not take action and to pass the traffic through. An example session can be seen by running the following command and evaluating the output. user@device# run show security flow session source-prefix

extensive Session ID: , Status: Normal, State: Active Policy name: Dynamic application: junos:UNKNOWN,