SB2024102826 - Multiple vulnerabilities in F5 BIG-IQ Centralized Management webUI and tmsh utility

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2024102826

SB2024102826 - Multiple vulnerabilities in F5 BIG-IQ Centralized Management webUI and tmsh utility

Published: October 28, 2024

Security Bulletin ID SB2024102826
Severity
Low
Patch available
NO
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Buffer over-read (CVE-ID: CVE-2016-10350)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2. A remote attacker can trigger heap-based buffer over-read and application crash via a specially crafted file.


2) Buffer over-read (CVE-ID: CVE-2016-10349)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the archive_le32dec function in archive_endian.h in libarchive. A remote attacker can trigger heap-based buffer over-read and application crash via a specially crafted file.


3) NULL pointer dereference (CVE-ID: CVE-2016-10209)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in archive_string.c in libarchive allows remote attackers to trigger NULL pointer dereference and application crash via a specially crafted archive file.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References