Guest

Preview Tool

Cisco Bug: CSCus89286 - ASA Traceback in SSL library due to DMA memory exhaustion

Last Modified

May 16, 2018

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.3(3.2)

Description (partial)

Symptom:
Cisco ASA may crash in DATAPATH thread when AnyConnect client connects or CSM connects via HTTPS. It's highly likely that ASDM can cause the same crash under certain conditions. The crash occurs in SSL library.

Conditions:
This issue was seen in 9.3.3.2 version after upgrade from 9.1.6. Other versions can be affected as well.

The crash happens if the ASA runs out of DMA memory due to SSL activity and after some time the memory is freed. The DMA memory can be exhausted on low-end ASA models if many features are configured, such as two or more syslog servers, HTTP server for ASDM or WebVPN, DHCP server on several interfaces, etc. Refer to CSCub58958 for details.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.