Last Modified: May 29, 2024
Affected Product(s):
BIG-IP LTM
Known Affected Versions:
13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1, 14.1.0, 14.1.0.1, 14.1.0.2, 14.1.0.3, 14.1.0.5, 14.1.0.6, 14.1.2, 14.1.2.1, 14.1.2.2, 14.1.2.3, 14.1.2.4, 15.0.0, 15.0.1, 15.0.1.1, 15.0.1.2, 15.0.1.3
Fixed In:
15.1.0, 15.0.1.4, 14.1.2.5, 13.1.3.5
Opened: Oct 04, 2018 Severity: 3-Major
Symptoms vary based on traffic impacted: Virtual server may reset a connection with the source and/or destination port set to 0 when the client sends an ACK after a 4-way close UDP traffic to virtual server with UDP profile immediate timeout configured or datagram load-balancing can collide with existing connections and be incorrectly sent with source and/or destination port 0.
Virtual server performs an incorrect reset with source or destination port 0, or UDP proxy traffic is sent incorrectly with source and/or destination port 0.
-- Conditions to trigger this issue with TCP traffic: - 3-way handshake initiated by client to virtual server. - Client actively closing the connection - 4-way close. - Client continues to send ACK after 4-way close. -- Conditions to trigger this issue with UDP traffic: - UDP profile has timeout immediate configured or datagram load-balancing. - UDP packet arrives that matches an expiring but still-present connection. -- Provisioned for AFM.
None.
Connection flow collision no longer causes packets to be sent from source port 0.