SB2025010626 - Out-of-bounds read in F5 BIG-IP iApps

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2025010626

SB2025010626 - Out-of-bounds read in F5 BIG-IP iApps

Published: January 6, 2025

Security Bulletin ID SB2025010626
Severity
Low
Patch available
NO
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Out-of-bounds read (CVE-ID: CVE-2017-1000381)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack and gain access to potentially sensitive data.

The vulnerability exists due to a boundary error in ares_parse_naptr_reply() function when processing NAPTR responses. A remote attacker can send a specially crafted DNS response to vulnerable application and perform denial of service attack or gain access to potentially sensitive data.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References