A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS. (CVE-2017-15118)
Impact
There is no impact; F5 products are not affected by this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 | |
big-ip afm | eq | 11.5.5 | |
big-ip afm | eq | 11.6.1 | |
big-ip afm | eq | 11.6.2 | |
big-ip afm | eq | 12.0.0 | |
big-ip afm | eq | 12.1.0 | |
big-ip afm | eq | 12.1.1 |