CVE-2024-23982
14.02.2024, 17:15
When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files.NOTE:Software versions which have reached End of Technical Support (EoTS) are not evaluatedEnginsight
| Vendor | Product | Version |
|---|---|---|
| f5 | big-ip_policy_enforcement_manager | 15.1.0 ≤ 𝑥 ≤ 15.1.10 |
| f5 | big-ip_policy_enforcement_manager | 16.1.0 ≤ 𝑥 ≤ 16.1.4 |
| f5 | big-ip_policy_enforcement_manager | 17.1.0 ≤ 𝑥 ≤ 17.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-121 - Stack-based Buffer OverflowA stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
- CWE-787 - Out-of-bounds WriteThe software writes data past the end, or before the beginning, of the intended buffer.