F5-K000148969
First published: Thu Dec 12 2024(Updated: )
There is a LOW severity vulnerability affecting CPython, specifically the 'http.cookies' standard library module. When parsing cookies that contained backslashes for quoted characters in the cookie value, the parser would use an algorithm with quadratic complexity, resulting in excess CPU resources being used while parsing the value.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 BIG-IP Next | >=1.7.0<=1.9.2 | |
| F5 BIG-IP Next | >=1.1.0<=1.3.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of F5-K000148969?
The severity of F5-K000148969 is classified as low.
How do I fix F5-K000148969?
To fix F5-K000148969, update your affected F5 software to a version that addresses the vulnerability.
Which versions are affected by F5-K000148969?
F5-K000148969 affects F5 BIG-IP Next Service Proxy versions from 1.7.0 to 1.9.2 and BIG-IP Next Cloud-Native Network Functions versions from 1.1.0 to 1.3.3.
What component of CPython is involved in F5-K000148969?
F5-K000148969 involves the 'http.cookies' standard library module within CPython.
Can F5-K000148969 lead to system resource depletion?
Yes, F5-K000148969 can result in excess CPU resource consumption due to the quadratic complexity of the cookie parsing algorithm.
- agent/severity
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/type
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- collector/f5-advisory
- source/F5
- alias/CVE-2024-7592
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 big-ip next
- version/f5 big-ip next/1.7.0
- version/f5 big-ip next/1.9.2
- version/f5 big-ip next/1.1.0
- version/f5 big-ip next/1.3.3