CVE-2018-5500

Name of the Vulnerable Software and Affected Versions F5 BIG-IP versions 11.6.1 through 11.6.2 F5 BIG-IP versions 12.1.0 through 12.1.3.1 F5 BIG-IP version 13.0.0

Description The issue affects F5 BIG-IP systems where every Multipath TCP (MCTCP) connection established leaks a small amount of memory. Virtual servers using a TCP profile with the Multipath TCP (MCTCP) feature enabled are affected by this issue.

Recommendations For F5 BIG-IP version 13.0.0, consider disabling the Multipath TCP (MCTCP) feature until a patch is available. For F5 BIG-IP versions 12.1.0 through 12.1.3.1, restrict the use of the TCP profile with the Multipath TCP (MCTCP) feature enabled to minimize the risk of exploitation. For F5 BIG-IP versions 11.6.1 through 11.6.2, avoid using the Multipath TCP (MCTCP) feature in virtual servers until the issue is resolved.