CVE-2023-22664

Name of the Vulnerable Software and Affected Versions BIG-IP versions 16.1.x through 16.1.3.2 BIG-IP versions 17.0.x through 17.0.0.1 BIG-IP SPK versions 1.6.0 and later

Description The issue is related to an uncontrolled resource consumption when handling requests. This can be exploited by a remote attacker to cause a denial of service. The vulnerability is triggered when a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, allowing undisclosed requests to increase memory resource utilization.

Recommendations For BIG-IP versions 16.1.x through 16.1.3.2, update to version 16.1.3.3 or later. For BIG-IP versions 17.0.x through 17.0.0.1, update to version 17.0.0.2 or later. For BIG-IP SPK versions 1.6.0 and later, consider disabling the client-side HTTP/2 profile and the HTTP MRF Router option as a temporary workaround until a patch is available.