Last Modified: Sep 13, 2023
Affected Product(s):
BIG-IP APM
Known Affected Versions:
10.2.1, 10.2.2, 10.2.3, 10.2.4, 11.0.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.5.1 HF1, 11.6.1 HF1, 11.5.1 HF2, 11.6.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2 HF1, 11.6.2 HF1, 11.5.3 HF1, 11.5.3 HF2, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.1.0, 11.2.0, 11.2.1, 11.3.0, 11.4.0, 11.4.1
Fixed In:
11.4.1 HF4, 11.4.0 HF6, 11.3.0 HF9
Opened: Jan 13, 2014 Severity: 3-Major Related Article:
K15658
If "Complexity check for Password Reset" option is enabled in an Active Directory (AD) agent, then the APD process may throw an exception in some conditions. That will cause APD to leak memory.
memory leak in APD process
"Complexity check for Password Reset" option is enabled user's displayName attribute contains special characters (e.g. "(" ")" "{" or any other). password change is requested during user's logon process
disable password complexity check if displayName contains special characters
after fix, AD module handles displayName properly even if it contains special characters, exception doesn't happen. AD module is exception safe, even if exception happens in any other situation, APD doesn't leak memory in AD module code.