CVE-2018-15318
HIGHBIG-IP 12.1.3.4-12.1.3.6 13.1.0.4-13.1.1.1 14.0.0-14.0.0.2 - Denial of Service via MPTCP Abort Signal
Title source: llmDescription
In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
https://support.f5.com/csp/article/K16248201
Scores
CVSS v3
7.5
EPSS
0.0061
EPSS Percentile
70.0%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (13)
f5/big-ip_access_policy_manager
12.1.3.4 - 12.1.3.6
f5/big-ip_advanced_firewall_manager
12.1.3.4 - 12.1.3.6
f5/big-ip_analytics
12.1.3.4 - 12.1.3.6
f5/big-ip_application_acceleration_manager
12.1.3.4 - 12.1.3.6
f5/big-ip_domain_name_system
12.1.3.4 - 12.1.3.6
f5/big-ip_edge_gateway
12.1.3.4 - 12.1.3.6
f5/big-ip_fraud_protection_service
12.1.3.4 - 12.1.3.6
f5/big-ip_global_traffic_manager
12.1.3.4 - 12.1.3.6
f5/big-ip_link_controller
12.1.3.4 - 12.1.3.6
f5/big-ip_local_traffic_manager
12.1.3.4 - 12.1.3.6
... and 3 more
Published
Oct 31, 2018
Tracked Since
Feb 18, 2026