{"containers": {"cna": {"affected": [{"product": "BIG-IP", "vendor": "n/a", "versions": [{"status": "affected", "version": "15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1"}]}], "descriptions": [{"lang": "en", "value": "On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation."}], "problemTypes": [{"descriptions": [{"description": "DoS", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-11-27T21:41:34", "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "shortName": "f5"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://support.f5.com/csp/article/K39225055"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "f5sirt@f5.com", "ID": "CVE-2019-6671", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "BIG-IP", "version": {"version_data": [{"version_value": "15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "DoS"}]}]}, "references": {"reference_data": [{"name": "https://support.f5.com/csp/article/K39225055", "refsource": "CONFIRM", "url": "https://support.f5.com/csp/article/K39225055"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T20:31:04.049Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.f5.com/csp/article/K39225055"}]}]}, "cveMetadata": {"assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab", "assignerShortName": "f5", "cveId": "CVE-2019-6671", "datePublished": "2019-11-27T21:41:34", "dateReserved": "2019-01-22T00:00:00", "dateUpdated": "2024-08-04T20:31:04.049Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C7174510-CC8F-4F4D-9706-C7CBB99D7172", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "5AF91B1E-6739-47B0-83AC-62475648FA9F", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C8D4FBBA-1D87-4CCB-ADB3-42514FB0CF45", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6A53E3C-3E09-4100-8D5A-10AD4973C230", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2BFAF3E-5E01-4EBF-AC8C-92DDFF38EB8F", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAD6198E-F90A-48CB-B02B-5770B59ACE12", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8BBC028-03DD-4412-9180-883E4252E132", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCAE28C2-0ADD-4FD0-A520-EFB764164DD8", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "88FFA413-C798-4FB6-AA37-1BDD1C11DD06", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "279D6B0F-A438-40B3-BE9D-2C9E2412E01D", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC15881B-9C49-4E77-9FB6-A6E60D0BCAD3", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*", "matchCriteriaId": "36A213C6-D6E4-4F38-989D-81D3DFC11829", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "C13DFF4A-CD7C-4B9A-AD90-79E29FC1D117", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "05A3E73A-9B60-4568-91E1-83AEFD4A6B21", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D4B5A46-AA7B-416F-BA97-76A0BA232C6F", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "59D9F39B-206B-4E76-A811-1CAA705A60EE", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "241F94B5-C01C-4F62-85D9-EAC3C71845BC", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "31A36F31-1453-4907-8621-61E75F285734", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "05106312-E60D-4CF1-B4C8-6F1EF5AF8D75", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "70099A38-3B84-4C40-8590-BE6C8F7C21A7", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "09B194A3-5261-4063-9E02-19855CCD8A90", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "B281ACF1-B672-491C-AC77-E39F25CC02D1", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "27ABD6A3-5D67-4543-BB90-602F17A98B52", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "1DE40473-ABAE-4D91-8EBB-FB5719E107F6", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8226B91-CF43-4371-B140-9214F559E46F", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "A4E4F0E4-BCB3-4E29-B011-7594452AD09C", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "4A12D58A-DC8D-4AA1-A377-38C266B9FA44", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "5B85324E-B26B-4B31-B4D0-43438546A411", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "48A3DFA8-2DB0-4F65-AE6F-BB02CF42EE7E", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "A60A7D69-96CA-4C88-8D65-220B93C56980", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "B1B2D963-4E55-45B5-80E0-BC6FFB2122F7", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*", "matchCriteriaId": "18B5A918-F9AA-4889-94A7-33E6E54CF383", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "91E6280C-0340-49D0-982C-DAA4606E6CB5", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "691942EE-786B-4BF9-89F0-C47CB8B2A007", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D8BBD637-148A-4E1A-B2DC-129BCD121C1E", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EF606356-8191-478D-AF60-D48A408CD9ED", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "FC6FB035-B2F6-452B-A407-85535B07D897", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "BDD109E8-E153-4C4C-9328-98839E90252D", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "A93AAEB9-556E-4F94-ADEC-D9C294B7F37E", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA3E37E6-64B9-4668-AC01-933711E1C934", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "76D757F4-B333-4EFB-87CE-1F14BD1B1734", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2D83E3E-A360-4547-938D-A8D895CBD6CE", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "7C8D0EF7-9C65-4491-B358-DB1AAB0EA1FF", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CCD3CF9-EA9D-43FF-8ADA-713B4B5C468E", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "1886D50C-6B79-4A7F-887B-08093F0C4894", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "439E22C8-A863-4E4A-A7E6-330608C9A982", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "79B0C4C9-FCA9-4108-B349-2EFBB4A1153B", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC6612AB-E46B-4A8B-9B3E-C711D8C27962", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A8F7E27-37D3-4317-A418-ED20FCFA6544", "versionEndIncluding": "13.1.3.1", "versionStartIncluding": "13.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "D30E2226-F7BD-40C4-A4C8-609C2294130B", "versionEndIncluding": "14.0.1", "versionStartIncluding": "14.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "345C30A6-25BC-4C8E-9F09-FC7DDB39BB79", "versionEndIncluding": "14.1.2", "versionStartIncluding": "14.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF378F37-554E-498A-8471-48F7544A231F", "versionEndIncluding": "15.0.1", "versionStartIncluding": "15.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, under certain conditions tmm may leak memory when processing packet fragments, leading to resource starvation."}, {"lang": "es", "value": "En BIG-IP versiones 15.0.0 hasta la versi\u00f3n 15.0.1, 14.1.0 hasta la versi\u00f3n 14.1.2, 14.0.0 hasta la versi\u00f3n 14.0.1 y 13.1.0 hasta 13.1.3.1, en determinadas condiciones, TMM puede perder memoria cuando procesa fragmentos de paquetes, lo que conlleva a la necesidad de recursos."}], "id": "CVE-2019-6671", "lastModified": "2021-07-21T11:39:23.747", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-11-27T22:15:11.787", "references": [{"source": "f5sirt@f5.com", "tags": ["Vendor Advisory"], "url": "https://support.f5.com/csp/article/K39225055"}], "sourceIdentifier": "f5sirt@f5.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}