F5-K000139685
First published: Tue May 21 2024(Updated: )
An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP and BIG-IQ Centralized Management | >=17.1.0<=17.1.1 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=16.1.0<=16.1.4 | |
| F5 BIG-IP and BIG-IQ Centralized Management | >=15.1.0<=15.1.10 | |
| F5 Traffix Systems Signaling Delivery Controller | =5.1.0 | 5.2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K000139685?
The severity of F5-K000139685 is considered high due to its impact on TLS client authentication.
How do I fix F5-K000139685?
To fix F5-K000139685, upgrade to the latest versions of affected F5 products as specified in the advisory.
Which versions of Python are affected by F5-K000139685?
Python versions before 3.8.18, all 3.9.x versions prior to 3.9.18, all 3.10.x versions before 3.10.13, and all 3.11.x versions before 3.11.5 are affected.
What products are affected by F5-K000139685?
The affected products include F5 BIG-IP versions 17.1.0 to 17.1.1, 16.1.0 to 16.1.4, 15.1.0 to 15.1.10, and F5 Traffix Systems Signaling Delivery Controller version 5.1.0.
What type of issue is described in F5-K000139685?
F5-K000139685 describes a vulnerability in TLS client authentication that affects server-side socket implementations.
- agent/references
- agent/last-modified-date
- agent/severity
- agent/type
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/softwarecombine
- collector/f5-advisory
- source/F5
- alias/CVE-2023-40217
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 big-ip and big-iq centralized management
- version/f5 big-ip and big-iq centralized management/17.1.0
- version/f5 big-ip and big-iq centralized management/17.1.1
- version/f5 big-ip and big-iq centralized management/16.1.0
- version/f5 big-ip and big-iq centralized management/16.1.4
- version/f5 big-ip and big-iq centralized management/15.1.0
- version/f5 big-ip and big-iq centralized management/15.1.10
- canonical/f5 traffix systems signaling delivery controller
- version/f5 traffix systems signaling delivery controller/5.1.0