CVE-2020-27713

Published: Dec 11, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP security profile is applied to a virtual server and the BIG-IP system receives a request with specific characteristics, the connection is reset and the Traffic Management Microkernel (TMM) leaks memory.

Affected (1)

Products: F5: Big Ip Advanced Firewall Manager

1 product

Big Ip Advanced Firewall Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Advanced Firewall Manager	Version 13.1.3.4

Related CWEs

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://support.f5.com/csp/article/K37960100

Source: f5sirt@f5.com

Vendor Advisory

https://support.f5.com/csp/article/K37960100

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.