Main Vulnerability Database Vulnerabilities #VU59836

NULL pointer dereference in BIG-IP - CVE-2022-23022

Published: January 19, 2022

Vulnerability identifier: #VU59836

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-23022

CWE-ID: CWE-476

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
BIG-IP

Software vendor:
F5 Networks

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error during HTTP protocol inspection. A remote attacker can send specially crafted HTTP request through the affected system, trigger a NULL pointer dereference error and crash the Traffic Management Microkernel (TMM) process.

Successful exploitation of the vulnerability requires that Virtual Servers with HTTP profile is configured.

Remediation

Install update from vendor's website.

External links

https://support.f5.com/csp/article/K96924184

NULL pointer dereference in BIG-IP - CVE-2022-23022

Description

Remediation

External links

Please verify you're human