CVE-2024-23805Incorrect Calculation of Buffer Size in F5 Big-ip Advanced WEB Application Firewall

CWE-131Incorrect Calculation of Buffer Size4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 45.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
F5 Big-ipF5 Big-ip Advanced WEB Application FirewallF5 Big-ip Application Security Manager
Timeline
PublishedFeb 14

Description

Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables av

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDf5/big-ip_application_security_manager15.1.015.1.10+2
CVEListV5f5/big-ip17.1.017.1.1+2

🔴Vulnerability Details

2
CVEList
F5 Application Visibility and Reporting module and BIG-IP Advanced WAF/ASM vulnerability2024-02-14
GHSA
GHSA-gwgj-3v6v-5fj2: Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate2024-02-14

📋Vendor Advisories

1
F5
CVE-2024-23805: Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate2024-02-14
CVE-2024-23805 — Incorrect Calculation of Buffer Size | cvebase