cbcvebase.
CVE-2020-5926
published 2020-08-26

CVE-2020-5926: In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing…

high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, a BIG-IP virtual server with a Session Initiation Protocol (SIP) ALG profile, parsing SIP messages that contain a multi-part MIME payload with certain boundary strings can cause TMM to free memory to the wrong cache.

Affected

45 ranges· showing 25
VendorProductVersion rangeFixed in
f5big-ip_aam
f5big-ip_access_policy_manager
f5big-ip_access_policy_manager>= 14.1.0 < 14.1.2.714.1.2.7
f5big-ip_access_policy_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_access_policy_manager>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_advanced_firewall_manager>= 14.1.0 < 14.1.2.714.1.2.7
f5big-ip_advanced_firewall_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_advanced_firewall_manager>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_afm
f5big-ip_analytics
f5big-ip_analytics>= 14.1.0 < 14.1.2.714.1.2.7
f5big-ip_analytics>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_analytics>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_apm
f5big-ip_application_acceleration_manager>= 14.1.0 < 14.1.2.714.1.2.7
f5big-ip_application_acceleration_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_application_acceleration_manager>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_application_security_manager>= 14.1.0 < 14.1.2.714.1.2.7
f5big-ip_application_security_manager>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_application_security_manager>= 15.1.0 < 15.1.0.515.1.0.5
f5big-ip_asm
f5big-ip_dns
f5big-ip_domain_name_system>= 14.1.0 < 14.1.2.714.1.2.7
f5big-ip_domain_name_system>= 15.0.0 < 15.0.1.415.0.1.4
f5big-ip_domain_name_system>= 15.1.0 < 15.1.0.515.1.0.5