PT-2015-3203 · F5 · Big-Iq Device+9
Published: 2015-08-24 · Updated: 2015-08-26
CVE-2015-5058
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM versions 11.5.x through 11.5.1 before HF10
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM version 11.5.3 before HF1
F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM version 11.6.0 before HF5
BIG-IQ Cloud, Device, and Security versions 4.4.0 through 4.5.0
BIG-IQ ADC version 4.5.0
Description
A memory leak in the virtual server component of F5 BIG-IP and BIG-IQ products, including BIG-IP Access Policy Manager, BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Global Traffic Manager, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IQ ADC, BIG-IQ Cloud, BIG-IQ Device, and BIG-IQ Security, allows remote attackers to cause a denial of service via a large number of crafted ICMP packets.
Recommendations
For F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM versions 11.5.x through 11.5.1 before HF10, update to version 11.5.1 HF10 or later.
For F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM version 11.5.3 before HF1, update to version 11.5.3 HF1 or later.
For F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM version 11.6.0 before HF5, update to version 11.6.0 HF5 or later.
For BIG-IQ Cloud, Device, and Security versions 4.4.0 through 4.5.0, update to a version outside of this range.
For BIG-IQ ADC version 4.5.0, update to a version later than 4.5.0.
Affected Products
BIG-IQ ADC
BIG-IQ Cloud
BIG-IQ Device
BIG-IQ Security
F5 BIG-IP APM
F5 BIG-IP Analytics
F5 BIG-IP GTM
F5 BIG-IP LTM
F5 BIG-IP Link Controller
F5 BIG-IP PEM