CVE-2022-41787

In BIG-IP versions 17.0.x before 17.0.0.1, 16.1.x before 16.1.3.1, 15.1.x before 15.1.6.1, 14.1.x before 14.1.5.1, and 13.1.x before 13.1.5.1, when DNS profile is configured on a virtual server with DNS Express enabled, undisclosed DNS queries with DNSSEC can cause TMM to terminate.

Weakness

The product dereferences a pointer that it expects to be valid but is NULL.

Affected Software

Name	Vendor	Start Version	End Version
Big-ip_domain_name_system	F5	13.1.0 (including)	13.1.5.1 (excluding)
Big-ip_domain_name_system	F5	14.1.0 (including)	14.1.5.1 (excluding)
Big-ip_domain_name_system	F5	15.1.0 (including)	15.1.6.1 (excluding)
Big-ip_domain_name_system	F5	16.1.0 (including)	16.1.3.1 (excluding)
Big-ip_domain_name_system	F5	17.0.0 (including)	17.0.0.1 (excluding)
Big-ip_local_traffic_manager	F5	13.1.0 (including)	13.1.5.1 (excluding)
Big-ip_local_traffic_manager	F5	14.1.0 (including)	14.1.5.1 (excluding)
Big-ip_local_traffic_manager	F5	15.1.0 (including)	15.1.6.1 (excluding)
Big-ip_local_traffic_manager	F5	16.1.0 (including)	16.1.3.1 (excluding)
Big-ip_local_traffic_manager	F5	17.0.0 (including)	17.0.0.1 (excluding)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-41787
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References