CVE-2021-22982 — Classic Buffer Overflow in F5 Big-ip Domain Name System

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

7.2HIGHNVD

EPSS

0.4%

top 37.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Domain Name System F5 Big-ip Global Traffic Manager

Timeline

PublishedFeb 12

Latest updateMay 24

Description

On BIG-IP DNS and GTM version 13.1.x before 13.1.0.4, and all versions of 12.1.x and 11.6.x, big3d does not securely handle and parse certain payloads resulting in a buffer overflow. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

▶NVDf5/big-ip_domain_name_system13.1.0 — 13.1.0.4+1

▶NVDf5/big-ip_global_traffic_manager11.6.1 — 11.6.5

🔴Vulnerability Details

GHSA

GHSA-3g9m-2rxr-22r8: On BIG-IP DNS and GTM version 13↗2022-05-24

▶

CVEList

CVE-2021-22982: On BIG-IP DNS and GTM version 13↗2021-02-12

▶

📋Vendor Advisories

CVE-2021-22982: On BIG-IP DNS and GTM version 13↗2021-02-12

▶