How severe is CVE-2023-22281?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2023-22281?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2023-22281 - HIGH Severity | CVSS 7.5

Vulnerability Description

On versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a BIG-IP AFM NAT policy with a destination NAT rule is configured on a FastL4 virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Related Vulnerabilities

CVE-2008-0063

HIGH

CVSS:7.5(High)

The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not properly clear the unused portion of a buffer when generating an error message, which might allow remote attackers to obtain sensitiv...

CWE-9082008

CVE-2008-3688

HIGH

CVSS:7.5(High)

sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote attackers to cause a denial of service (hang) by connecting to a non-responsive server, which triggers an infinite loop due to an un...

CWE-9082008

CVE-2009-0949

HIGH

CVSS:7.5(High)

The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointe...

CWE-9082009

CVE-2017-9098

HIGH

CVSS:7.5(High)

ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use uninitialized memory in the RLE decoder, allowing an attacker to leak sensitive information from process memory space, as demonstrated b...

CWE-9082017

CVE-2018-25023

HIGH

CVSS:7.5(High)

An issue was discovered in the smallvec crate before 0.6.13 for Rust. It can create an uninitialized value of any type, including a reference type.

CWE-9082018

CVE-2018-9381

HIGH

CVSS:7.5(High)

In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution priv...

CWE-9082018