CVE-2020-5877

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.6.1 through 11.6.5.1 F5 BIG-IP versions 12.1.0 through 12.1.5.1 F5 BIG-IP versions 13.1.0 through 13.1.3.3 F5 BIG-IP versions 14.1.0 through 14.1.2.3 F5 BIG-IP versions 15.0.0 through 15.1.0.1

Description The issue arises from malformed input to the DATAGRAM::tcp iRules command within a FLOW INIT event, potentially leading to a denial of service.

Recommendations For versions 11.6.1 through 11.6.5.1, consider disabling the DATAGRAM::tcp iRules command within a FLOW INIT event as a temporary workaround until a patch is available. For versions 12.1.0 through 12.1.5.1, consider disabling the DATAGRAM::tcp iRules command within a FLOW INIT event as a temporary workaround until a patch is available. For versions 13.1.0 through 13.1.3.3, consider disabling the DATAGRAM::tcp iRules command within a FLOW INIT event as a temporary workaround until a patch is available. For versions 14.1.0 through 14.1.2.3, consider disabling the DATAGRAM::tcp iRules command within a FLOW INIT event as a temporary workaround until a patch is available. For versions 15.0.0 through 15.1.0.1, consider disabling the DATAGRAM::tcp iRules command within a FLOW INIT event as a temporary workaround until a patch is available.