Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection. (CVE-2015-0206)
Remote attackers may be able to cause a denial-of-service (DoS) by way of crafted Datagram Transport Layer Security (DTLS) packets.
If the previous table lists a version in the Versions known to be not vulnerable column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.
F5 is responding to this vulnerability as determined by the parameters defined in K4602: Overview of the F5 security vulnerability response policy.
To mitigate this vulnerability, you can perform the following tasks:
If you are using secure-mode for failover (tmsh list /sys db failover.secure), verify that the failover traffic is only allowed on an isolated Virtual Local Area Network (VLAN).