CVE-2015-5058 — Missing Release of Memory after Effective Lifetime in F5 Big-ip Analytics

CWE-3993 documents3 sources

Severity

7.8HIGHNVD

EPSS

0.8%

top 25.63%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

F5 Big-ip Access Policy Manager F5 Big-ip Advanced Firewall Manager F5 Big-ip Analytics +9 more

Timeline

PublishedAug 24

Latest updateMay 17

Description

Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages12 packages

▶NVDf5/big-ip_link_controller11.5.1, 11.5.3, 11.6.0+2

▶NVDf5/big-iq_cloud4.4.0, 4.5.0+1

▶NVDf5/big-iq_device4.4.0, 4.5.0+1

▶NVDf5/big-iq_security4.4.0, 4.5.0+1

▶NVDf5/big-ip_analytics11.5.1, 11.5.3, 11.6.0+2

🔴Vulnerability Details

GHSA

GHSA-w63f-w97q-mwg5: Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11↗2022-05-17

▶

CVEList

CVE-2015-5058: Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11↗2015-08-24

▶