CVE-2022-23029

On BIG-IP version 16.x before 16.1.0, 15.1.x before 15.1.4.1, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, when a FastL4 profile is configured on a virtual server, undisclosed traffic can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Weakness

The product checks the state of a resource before using that resource, but the resource’s state can change between the check and the use in a way that invalidates the results of the check.

Affected Software

Name	Vendor	Start Version	End Version
Big-ip_access_policy_manager	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_access_policy_manager	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_access_policy_manager	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_access_policy_manager	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_access_policy_manager	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_advanced_firewall_manager	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_advanced_firewall_manager	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_advanced_firewall_manager	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_advanced_firewall_manager	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_advanced_firewall_manager	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_advanced_web_application_firewall	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_advanced_web_application_firewall	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_advanced_web_application_firewall	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_advanced_web_application_firewall	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_advanced_web_application_firewall	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_analytics	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_analytics	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_analytics	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_analytics	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_analytics	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_application_acceleration_manager	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_application_acceleration_manager	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_application_acceleration_manager	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_application_acceleration_manager	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_application_acceleration_manager	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_application_security_manager	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_application_security_manager	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_application_security_manager	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_application_security_manager	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_application_security_manager	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_ddos_hybrid_defender	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_ddos_hybrid_defender	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_ddos_hybrid_defender	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_ddos_hybrid_defender	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_ddos_hybrid_defender	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_domain_name_system	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_domain_name_system	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_domain_name_system	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_domain_name_system	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_domain_name_system	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_fraud_protection_service	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_fraud_protection_service	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_fraud_protection_service	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_fraud_protection_service	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_fraud_protection_service	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_global_traffic_manager	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_global_traffic_manager	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_global_traffic_manager	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_global_traffic_manager	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_global_traffic_manager	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_link_controller	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_link_controller	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_link_controller	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_link_controller	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_link_controller	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_local_traffic_manager	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_local_traffic_manager	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_local_traffic_manager	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_local_traffic_manager	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_local_traffic_manager	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_policy_enforcement_manager	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_policy_enforcement_manager	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_policy_enforcement_manager	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_policy_enforcement_manager	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_policy_enforcement_manager	F5	15.1.0 (including)	15.1.4 (including)
Big-ip_ssl_orchestrator	F5	11.6.1 (including)	11.6.5 (including)
Big-ip_ssl_orchestrator	F5	12.1.0 (including)	12.1.6 (including)
Big-ip_ssl_orchestrator	F5	13.1.0 (including)	13.1.4 (including)
Big-ip_ssl_orchestrator	F5	14.1.0 (including)	14.1.4 (including)
Big-ip_ssl_orchestrator	F5	15.1.0 (including)	15.1.4 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-23029
CWE	https://cwe.mitre.org/data/definitions/367.html

Time-of-check Time-of-use (TOCTOU) Race Condition

Weakness

Affected Software

Potential Mitigations

References

CVE-2022-23029

Time-of-check Time-of-use (TOCTOU) Race Condition

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References