Out-of-bounds read in F5 BIG-IP iApps



Risk Low
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2017-1000381
CWE-ID CWE-125
Exploitation vector Network
Public exploit N/A
Vulnerable software
BIG-IP
Hardware solutions / Firmware

Vendor F5 Networks

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Out-of-bounds read

EUVDB-ID: #VU7563

Risk: Medium

CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-1000381

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and gain access to potentially sensitive data.

The vulnerability exists due to a boundary error in ares_parse_naptr_reply() function when processing NAPTR responses. A remote attacker can send a specially crafted DNS response to vulnerable application and perform denial of service attack or gain access to potentially sensitive data.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

BIG-IP: 15.0.0 - 17.1.2

CPE2.3 External links

http://my.f5.com/manage/s/article/K000149130


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###