CVE-2023-22422

Name of the Vulnerable Software and Affected Versions BIG-IP versions 17.0.x through 17.0.0.1 BIG-IP versions 16.1.x through 16.1.3.2

Description The issue is caused by undisclosed requests that can terminate the Traffic Management Microkernel (TMM) when a HTTP profile with non-default Enforcement options is configured on a virtual server. This can lead to a denial of service. The vulnerability may also be related to a stack buffer overflow.

Recommendations For BIG-IP versions 17.0.x through 17.0.0.1, update to version 17.0.0.2 or later. For BIG-IP versions 16.1.x through 16.1.3.2, update to version 16.1.3.3 or later. As a temporary workaround, consider disabling the non-default Enforcement options of Enforce HTTP Compliance and Unknown Methods: Reject on the HTTP profile until a patch is available.