F5 BIG-IP Next SPK 代码问题漏洞

F5 BIG-IP Next SPK is a cloud-native application traffic management solution from F5 USA. A code issue vulnerability exists in F5 BIG-IP Next SPK, which stems from the possibility that undisclosed traffic in an HTTP/2 Ingress configuration could lead to the termination of the Traffic Management...

K000138682: libssh vulnerability CVE-2023-2283

Security Advisory Description A vulnerability was found in libssh, where the authentication check of the connecting client can be bypassed in thepkiverifydatasignature function in memory allocation problems. This issue may happen if there is insufficient memory or the memory usage is limited. The...

CVE-2024-23314

CVE-2024-23314 affects BIG-IP and BIG-IP Next SPK when HTTP/2 is configured. Undisclosed responses can cause TMM to terminate, leading to DoS on the data plane. Remediations per F5 advisory K000137675: BIG-IP fixed in 17.1.1 (all modules); BIG-IP Next SPK fixed in 1.8.1. Confirm your branch/versi...

F5 BIG-IP Security Vulnerabilities

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, and load balancing. A security vulnerability exists in F5 BIG-IP that stems from an undisclosed response that could cause the Traffic Management Microkernel TMM t...

K000134706: Python IDNA vulnerability CVE-2022-45061

Security Advisory Description An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA RFC 3490 decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of...

K000133706: OpenSSL vulnerability CVE-2023-0464

Security Advisory Description A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain th...