Bug ID 1496701: PEM CPPE reporting buffer overflow resulting in core

Last Modified: Dec 05, 2024

Affected Product(s):
BIG-IP PEM(all modules)

Fixed In:
17.1.2, 16.1.5

Opened: Jan 28, 2024

Severity: 2-Critical

Symptoms

PEM writes into buffer without checking size hence resulting unknown behavior or core. TMM starts coring and rebooting.

Impact

TMM core, hence service disruption.

Conditions

1) PEM policy with action reporting is configured. 2) Reporting ->hsl-> session-reporting-fields has large number of fields.

Workaround

None

Fix Information

Check the bounds before each write

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips