K94563344 : HTTP/2 ALPN vulnerability CVE-2019-6619

Security Advisory Description

The Traffic Management Microkernel (TMM) may restart when a virtual server has an HTTP/2 profile with Application Layer Protocol Negotiation (ALPN) enabled and it processes traffic where the ALPN extension size is zero. (CVE-2019-6619)

Impact

BIG-IP

The Traffic Management Microkernel (TMM) generates a core file and restarts. If configured as part of a high availability (HA) device group, the BIG-IP system fails over to the peer device. For BIG-IP versions 13.1.0 and later, the ALPN setting is enabled on the HTTP/2 profile by default.

Enterprise Manager, BIG-IQ, F5 iWorkflow, Traffix SDC

There is no impact on these F5 products and they are not affected by this vulnerability.