CVE-2019-6594Infinite Loop in F5 Big-ip Access Policy Manager

CWE-835Infinite Loop4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.6%
top 29.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
12
F5 Big-ip Access Policy ManagerF5 Big-ip Advanced Firewall ManagerF5 Big-ip Analytics+9 more
Timeline
PublishedFeb 26
Latest updateMay 13

Description

On BIG-IP 11.5.1-11.6.3.2, 12.1.3.4-12.1.3.7, 13.0.0 HF1-13.1.1.1, and 14.0.0-14.0.0.2, Multi-Path TCP (MPTCP) does not protect against multiple zero length DATA_FINs in the reassembly queue, which can lead to an infinite loop in some circumstances.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.2 | Impact: 3.6

Affected Packages12 packages

NVDf5/big-ip_fraud_protection_service11.5.111.6.3.2+4
NVDf5/big-ip_analytics11.5.111.6.3.2+4
NVDf5/big-ip_edge_gateway11.5.111.6.3.2+4
NVDf5/big-ip_webaccelerator11.5.111.6.3.2+4
NVDf5/big-ip_link_controller11.5.111.6.3.2+4

🔴Vulnerability Details

2
GHSA
GHSA-fh8c-2997-r5xh: On BIG-IP 112022-05-13
CVEList
CVE-2019-6594: On BIG-IP 112019-02-26

📋Vendor Advisories

1
F5
CVE-2019-6594: On BIG-IP 112019-02-26
CVE-2019-6594 — Infinite Loop in F5 | cvebase