PT-2022-22270 · F5 · F5 Big-Ip
Published
2022-08-04
·
Updated
2022-08-10
·
CVE-2022-34651
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP versions 15.1.x through 15.1.6.0
F5 BIG-IP versions 16.1.x through 16.1.3.0
Description
When an LTM Client or Server SSL profile with TLS 1.3 enabled is configured on a virtual server, along with an iRule that calls
HTTP::respond, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate.Recommendations
For F5 BIG-IP versions 15.1.x through 15.1.6.0, update to version 15.1.6.1 or later to resolve the issue.
For F5 BIG-IP versions 16.1.x through 16.1.3.0, update to version 16.1.3.1 or later to resolve the issue.
As a temporary workaround, consider disabling the
HTTP::respond function in iRules until a patch is available.Fix
NULL Pointer Dereference
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
F5 Big-Ip