CVE-2019-6619: On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile…

high7.5CVSS 3.1

AVNACLPRNUINSUCNINAH

On BIG-IP 14.0.0-14.1.0.1, 13.0.0-13.1.1.4, and 12.1.0-12.1.4, the Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero.

Affected

32 ranges· showing 25

Vendor	Product	Version range	Fixed in
f5	big-ip_aam	—	—
f5	big-ip_access_policy_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_access_policy_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_access_policy_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_advanced_firewall_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_advanced_firewall_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_advanced_firewall_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_afm	—	—
f5	big-ip_apm	—	—
f5	big-ip_application_acceleration_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_application_acceleration_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_acceleration_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_application_security_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_application_security_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_application_security_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_asm	—	—
f5	big-ip_link_controller	—	—
f5	big-ip_link_controller	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_link_controller	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_link_controller	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_local_traffic_manager	>= 12.1.0 < 12.1.4.1	12.1.4.1
f5	big-ip_local_traffic_manager	>= 13.0.0 < 13.1.1.5	13.1.1.5
f5	big-ip_local_traffic_manager	>= 14.0.0 < 14.1.0.2	14.1.0.2
f5	big-ip_ltm	—	—
f5	big-ip_pem	—	—