VIR Vulnerability Intelligence Relay

CVE-2015-5058

high
Published 2015-08-24 · Modified 2026-05-06
CVSS v3
CVSS v2
7.8
VIR risk
7.8

Description

Memory leak in the virtual server component in F5 Big-IP LTM, AAM, AFM, Analytics, APM, ASM, GTM, Link Controller, and PEM 11.5.x before 11.5.1 HF10, 11.5.3 before HF1, and 11.6.0 before HF5, BIG-IQ Cloud, Device, and Security 4.4.0 through 4.5.0, and BIG-IQ ADC 4.5.0 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted ICMP packets.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://support.f5.com/kb/en-us/solutions/public/17000/000/sol17047.html

Application impact
VendorProductVersionsFixed
f5big-ip_access_policy_manager11.5.1
f5big-ip_access_policy_manager11.5.3
f5big-ip_access_policy_manager11.6.0
f5big-ip_advanced_firewall_manager11.5.1
f5big-ip_advanced_firewall_manager11.5.3
f5big-ip_advanced_firewall_manager11.6.0
f5big-ip_analytics11.5.1
f5big-ip_analytics11.5.3
f5big-ip_analytics11.6.0
f5big-ip_application_acceleration_manager11.5.1
f5big-ip_application_acceleration_manager11.5.3
f5big-ip_application_acceleration_manager11.6.0
f5big-ip_application_security_manager11.5.1
f5big-ip_application_security_manager11.5.3
f5big-ip_application_security_manager11.6.0
f5big-ip_global_traffic_manager11.5.1
f5big-ip_global_traffic_manager11.5.3
f5big-ip_global_traffic_manager11.6.0
f5big-ip_link_controller11.5.1
f5big-ip_link_controller11.5.3
f5big-ip_link_controller11.6.0
f5big-ip_local_traffic_manager11.5.1
f5big-ip_local_traffic_manager11.5.3
f5big-ip_local_traffic_manager11.6.0
f5big-iq_adc4.5.0
f5big-iq_cloud4.4.0
f5big-iq_cloud4.5.0
f5big-iq_device4.4.0
f5big-iq_device4.5.0
f5big-iq_security4.4.0
f5big-iq_security4.5.0

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.