CVE-2024-23982

Published: Feb 14, 2024Modified: Dec 12, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated

Affected (3)

Products: F5: Big Ip Policy Enforcement Manager

1 product

Big Ip Policy Enforcement Manager

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
F5 Big Ip Policy Enforcement Manager	From 15.1.0 to 15.1.10
F5 Big Ip Policy Enforcement Manager	From 16.1.0 to 16.1.4
F5 Big Ip Policy Enforcement Manager	From 17.1.0 to 17.1.1

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (2)

https://my.f5.com/manage/s/article/K000135946

Source: f5sirt@f5.com

Vendor Advisory

https://my.f5.com/manage/s/article/K000135946

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.