Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Known Affected Versions:
10.2.4, 11.2.1, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.1 HF10, 11.5.1 HF11, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.5.4 HF2, 11.5.4 HF3, 11.5.4 HF4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10
Fixed In:
11.6.0, 11.4.1 HF9
Opened: Jul 29, 2014 Severity: 2-Critical
1. possible buffer overflow when session var CookieClientData is >8K 2. inappropriate use of mc_get_session_var in agent that may cause apd crash 3. per-request memory leak of cookies struct
apd might crash apd might leak memory per-request
1. session variable CookieClientData is > 8K 2. apd may crash unexpectedly when HTTP Auth agent cannot get session variable 3. When HTTP Auth agent is configured for an Access Policy apd might leak memory per-request
None
After fix, there is no memory leak in HTTP Auth agent, and it would not crash in HTTP Auth agent