Bug ID 1470329: PEM: Multiple layers of callback cookies need input validation in order to prevent crashes.

Last Modified: Jul 25, 2024

Affected Product(s):
BIG-IP PEM(all modules)

Known Affected Versions:
14.1.4.4, 14.1.4.5, 14.1.4.6, 14.1.5, 14.1.5.1, 14.1.5.2, 14.1.5.3, 14.1.5.4, 14.1.5.6

Fixed In:
16.1.5

Opened: Dec 28, 2023

Severity: 3-Major

Symptoms

TMM core and restart because of PEM.

Impact

TMM restarts. Service disruption.

Conditions

1)PEM session attribute lookup via spmdb_session_attr_session_lookup_cb 2) The callback function in the cookie is null.

Workaround

None

Fix Information

Fix: adding null check for callback function.

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips