CVE-2009-4420: Improper Restriction of Operations within the Bounds of a Memory Buffer in F5 BIG-IP Application Security Manager

Severity: 7.8 HIGH (NVD)
EPSS: 3.0% (top 13.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline:
Published: Dec 24
Latest update: May 2

Description

Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:N/I:N/A:C
Exploitability: 10.0 | Impact: 6.9

Affected Packages: 3 packages

Vulnerability Details (2)

GHSA
GHSA-jggw-46hj-wcq8: Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9
Date: 2022-05-02
CVEList
CVE-2009-4420: Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9
Date: 2009-12-24