QID 375934

Date Published: 2021-10-06

QID 375934: F5 BIG-IP Application Security Manager (ASM), Local Traffic Manager (LTM), Access Policy Manager (APM) glibc Vulnerability (K08641512)

F5 BIG-IP Application Security Manager (ASM) is a flexible web application firewall that secures web applications in traditional, virtual, and private cloud environments.
F5 BIG-IP Local Traffic Manager (LTM) is the most popular module offered on the F5 Networks BIG-IP platform. The real power of LTM is that it is a full proxy, allowing you to augment client-side and server-side connections while making informed load-balancing decisions based on availability, performance, and persistence.
F5 BIG-IP Access Policy Manager (APM) is a secure, flexible, high-performance solution that provides unified global access to your network, cloud, and applications.

The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228. (CVE-2020-27618)

Vulnerable Component: BIG-IP ASM, APM, LTM

Affected Versions:
16.0.0 - 16.1.0
15.1.0 - 15.1.3
14.1.0 - 14.1.4
13.1.0 - 13.1.4
12.1.0 - 12.1.6
11.6.1 - 11.6.5

QID Detection Logic (Authenticated):
This QID checks for the vulnerable versions of F5 BIG-IP devices using the tmsh command.

When the infinite loop can be influenced by an attacker, this weakness could allow attackers to consume excessive resources such as CPU or memory resulting in a denial of service (DoS).

  • CVSS V3 rated as Medium - 5.5 severity.
  • CVSS V2 rated as Low - 2.1 severity.

Solution:
The vendor has released a patch. For more information, see K08641512.

Software Advisories:
Advisory ID: K08641512
Link: support.f5.com/csp/article/K08641512