Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP TMOS
Known Affected Versions:
11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1
Fixed In:
14.0.0, 13.1.1.2, 12.1.3.6, 11.6.3.3
Opened: Oct 26, 2017 Severity: 2-Critical
'session lookup' does not clean up an internal structure after the call finishes. If another iRule module uses the values in this internal structure after a 'session lookup', it may result in a core or other undesired behavior.
The system may core, or result in undefined and/or undesired behavior.
Calling 'session lookup' in an iRule where a result is successfully retrieved, and then calling another module.
Check the return value of 'session lookup' before using another iRule module. If 'session lookup' says that the entry exists, call 'session lookup' again for a key that is known to not exist.
None