A vulnerability in multiple F5 BIG-IP products can be exploited by malicious people to compromise a vulnerable system.
The libcurl API function called
curl_maprintf() before version 7.51.0 can be tricked into doing a double-free due to an unsafe
size_t multiplication, on systems using 32 bit
A custom monitor or script that calls the curl command may allow unauthorized disclosure of information, unauthorized modiﬁcation, and disruption of service. The big3d process, which includes the libcurl library, may allow unauthorized disclosure of information, unauthorized modiﬁcation, and disruption of service.
Update or upgrade to a ﬁxed version if available.
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe: Update or upgrade to version 13.1.0.