Bug ID 436394: Possible crash of tmm when loading an ltm policy that has conditions with numeric parameters

Last Modified: Nov 22, 2021

Bug Tracker

Affected Product:  See more info
BIG-IP TMOS(all modules)

Known Affected Versions:
11.4.0, 11.4.1

Fixed In:
11.6.0, 11.4.1 HF2

Opened: Nov 03, 2013
Severity: 3-Major


Under certain circumstances, while processing a configuration update to an ltm policy which contains a doncition with a numeric arguments (e.g. 'index'), the tmm could write a byte just beyond the boundary of an allocated buffer. This could cause tmm to crash while perfoming a subsequent memory allocation.


When this condition is hit tmm continuously crashes as it reads its configuration. Traffic disrupted while tmm restarts.


This crash rarely happens, but when it does, it does so consistently. The problem is related to numeric parameters added to conditions.


If possible remove the numeric parameters to the action.

Fix Information

The condition which could cause memory corruption in tmm on loading a policy which contains conditions with numeric parameters has been fixed.

Behavior Change