On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, undisclosed requests to a virtual server may be incorrectly handled by the Traffic Management Microkernel (TMM) URI normalization, which may trigger a buffer overflow, resulting in a DoS attack. In certain situations, it may theoretically allow bypass of URL based access control or remote code execution (RCE). Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 29 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics kev

{'dateAdded': '2022-01-18'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-07-30T01:38:14.868Z

Reserved: 2021-01-06T00:00:00.000Z

Link: CVE-2021-22991

cve-icon Vulnrichment

Updated: 2024-08-03T18:58:26.089Z

cve-icon NVD

Status : Analyzed

Published: 2021-03-31T18:15:14.787

Modified: 2025-04-02T19:09:27.990

Link: CVE-2021-22991

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.