Vigil@nce - F5 BIG-IP: memory leak via ICMP
October 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can send ICMP packets to create a memory leak in F5
BIG-IP, in order to trigger a denial of service.
Impacted products: BIG-IP Hardware, TMOS.
Severity: 2/4.
Creation date: 19/08/2015.
Revision date: 03/09/2015.
DESCRIPTION OF THE VULNERABILITY
The ICMP protocol uses the type field to store the style of
exchanged messages.
However, the memory allocated by F5 BIG-IP to process some ICMP
types is never freed.
An attacker can therefore send ICMP packets to create a memory
leak in F5 BIG-IP, in order to trigger a denial of service.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/F5-BIG-IP-memory-leak-via-ICMP-17715