Security Advisory Description
An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. (CVE-2022-40304).
Impact
This vulnerability allows a remote (or local in the case of Traffix), unauthenticated attacker to cause memory corruption that can lead to access to restricted information, data modification, or a denial-of-service (DoS) on the affected F5 products. There is both control plane and data plane exposure.