Bug ID 709132: When the BigDB variable tmm.ssl.loggingcreatedcerts is set a buffer overflow can occur

Last Modified: Feb 15, 2019

Bug Tracker

Affected Product:  See more info
BIG-IP LTM(all modules)

Known Affected Versions:
13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 14.0.0, 14.0.0.1, 14.0.0.2

Fixed In:
14.1.0, 14.0.0.3, 13.1.0.8

Opened: Mar 07, 2018
Severity: 3-Major

Symptoms

When the BigDB variable tmm.ssl.loggingcreatedcerts is set, a buffer overflow can occur.

Impact

A off-by-one error causes one byte to write off the end of an array.

Conditions

-- The BigDB variable tmm.ssl.loggingcreatedcerts is set. -- Forward proxy is being used. -- A malformed certificate with a serial number length equal to 256 bytes is parsed during forging.

Workaround

There is no workaround other than to not set tmm.ssl.loggingcreatedcerts BigDB variable.

Fix Information

Buffer no longer overflows.

Behavior Change