Severity
Medium
Analysis Summary
A vulnerability in multiple F5 BIG-IP products can be exploited by malicious people to compromise a vulnerable system.
The libcurl API function called curl_maprintf() before version 7.51.0 can be tricked into doing a double-free due to an unsafe size_t multiplication, on systems using 32-bit size_t variables.
A custom monitor or script that calls the curl command may allow unauthorized disclosure of information, unauthorized modification, and disruption of service. The big3d process, which includes the libcurl library, may allow unauthorized disclosure of information, unauthorized modification, and disruption of service.
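The mechanism described above, an unchecked size_t multiplication that wraps on a 32-bit build and yields an undersized buffer, shown beside the overflow guard that prevents it. This is an added illustration, not curl's or F5's code; the helper names are assumed and a 32-bit size_t is modelled with uint32_t so the wrap is visible on any host.

```c
/* Added example (not curl's own code): an allocation-size product that wraps
 * on a 32-bit size_t, and the check that rejects it before malloc() is called. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t size32_t;   /* stands in for size_t on a 32-bit build */

/* Naive sizing: count * elem wraps silently. The caller believes it owns
 * count elements, but the block it gets is far smaller (here: 0 bytes). */
size32_t unchecked_size(size32_t count, size32_t elem)
{
    return count * elem;
}

/* Overflow guard: true only if count * elem fits in 32 bits. GCC and Clang
 * also offer __builtin_mul_overflow() for the same test. */
bool fits_in_size32(size32_t count, size32_t elem)
{
    return elem == 0 || count <= UINT32_MAX / elem;
}

/* Sized allocation that refuses to compute a wrapped size. Returns NULL on
 * overflow instead of handing back an undersized block that later code
 * would overrun or free incorrectly. */
void *checked_alloc(size32_t count, size32_t elem)
{
    if (!fits_in_size32(count, elem))
        return NULL;
    return malloc(count * elem);
}

int main(void)
{
    /* Constructed input: 2^30 elements of 8 bytes is 2^33 bytes, which does
     * not fit in a 32-bit size_t. */
    size32_t count = 0x40000000u, elem = 8u;

    printf("unchecked size: %u bytes (wrapped)\n", unchecked_size(count, elem));
    printf("checked_alloc:  %s\n",
           checked_alloc(count, elem) == NULL ? "rejected" : "allocated");
    return 0;
}
```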
Impact
System Access
Information Disclosure
Affected Products
Remediation
Update or upgrade to a fixed version if available.
BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, PEM, and WebSafe: Update or upgrade to version 13.1.0.