Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3
Fixed In:
14.0.0, 13.1.0.4
Opened: Jan 12, 2018 Severity: 3-Major
ampd leaks memory in AD Query agent.
The ampd leaks memory and might cause unstable behavior. The apmd process, or some other daemon may be killed by OOM killer when it tries to allocate memory.
The leak happens in response to any of the following conditions: -- A Kerberos cache reset is requested (any of the caches - GROUP/PSO/KERBEROS). -- Change to associated AAA AD Server were made and new Access Policy is applied. -- AD Query was not able to make ldap_bind to KDC and the error is NOT a timeout (e.g., invalid administrator password).
There is no workaround at this time.
AD Query agent no longer causes apmd memory leak during group cache update.