CVE-2020-27718

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.6.1 through 11.6.5.2 F5 BIG-IP versions 12.1.0 through 12.1.5.2 F5 BIG-IP versions 13.1.0 through 13.1.3.4 F5 BIG-IP versions 14.1.0 through 14.1.3 F5 BIG-IP versions 15.1.0 through 15.1.0.5 F5 BIG-IP versions 16.0.0 through 16.0.0.1

Description The issue occurs when a BIG-IP ASM or Advanced WAF system processes requests with a JSON payload containing an unusually large number of parameters, leading to excessive CPU usage in the BIG-IP ASM bd process.

Recommendations For versions 11.6.1 through 11.6.5.2, consider restricting the size of JSON payloads to prevent excessive CPU usage. For versions 12.1.0 through 12.1.5.2, consider restricting the size of JSON payloads to prevent excessive CPU usage. For versions 13.1.0 through 13.1.3.4, consider restricting the size of JSON payloads to prevent excessive CPU usage. For versions 14.1.0 through 14.1.3, consider restricting the size of JSON payloads to prevent excessive CPU usage. For versions 15.1.0 through 15.1.0.5, consider restricting the size of JSON payloads to prevent excessive CPU usage. For versions 16.0.0 through 16.0.0.1, consider restricting the size of JSON payloads to prevent excessive CPU usage.