libxml2 and CVE-2024-25062

Question

Good day All,&nbsp;Apologies for the silly question but I am new to F5, when I was running iHealth on my BigIP running V17.1.2.1 it flagged the above CVE-2024-25062.&nbsp; Is this for the version 17.1.0 - 17.1.2 which includes mine, in general? I am thinking this doesn't affect me because when I look in services (local traffic -&gt; profiles -&gt; services) I don't even see XML, unless I am looking in the wrong place.&nbsp; I also went into the command line did a find on libxml2 and xml2 and didn't find and directories.&nbsp; When I did a find on just xml I did find a few directories but nothing on xml2.&nbsp; So is it safe to say this doesn't affect me or am I wrong?&nbsp;Thank you in advance!!&nbsp;Warren

aswin_mk · Answer

Hi,
&nbsp;
It will affect on the components like "XML content-based routing, wap monitor, external monitor, AAM image optimization, ASM XML profiles". but the version V17.1.2.1 have so many another known vulnerabilities, if needed you can test and upgrade to 17.5
&nbsp;

F5 Networks: CVE-2021-31566: K000140963: libarchive vulnerability CVE-2021-31566

F5 Networks: CVE-2022-43680: K000139525: Libexpat vulnerability CVE-2022-43680

F5 Networks: CVE-2023-52881: K000148479: Linux kernel vulnerability CVE-2023-52881

F5 Networks: CVE-2024-38477: K000140784: Apache HTTPD vulnerability CVE-2024-38477

Forum Discussion

libxml2 and CVE-2024-25062

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

Can I use F5 Big-IP WAF as HoneyPot

ssh on slot1 failed f5 viprion

SSH forward proxy

Multiple Default Gateways

ASM Sec-CH-UA-Full-Version-List backquote in Header

Related Content

F5 NGINX Plus R34 Release Now Available

Re: someone give me some samples of icontrol used stardard language C not C++

Re: irule editor - linux

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS