On BIG-IP 13.1.0-13.1.0.7, a remote attacker using undisclosed methods against virtual servers configured with a Client SSL or Server SSL profile that has the SSL Forward Proxy feature enabled can force the Traffic Management Microkernel (tmm) to leak memory. As a result, system memory usage increases over time, which may eventually cause a decrease in performance or a system reboot due to memory exhaustion.
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Big-ip_access_policy_manager | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_advanced_firewall_manager | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_analytics | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_application_acceleration_manager | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_application_security_manager | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_domain_name_system | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_edge_gateway | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_global_traffic_manager | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_link_controller | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_local_traffic_manager | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_policy_enforcement_manager | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_webaccelerator | F5 | 13.0.0 (including) | 13.1.0.7 (including) |
Big-ip_websafe | F5 | 13.0.0 (including) | 13.1.0.7 (including) |