An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application. (CVE-2016-0718)
Impact
A remote attacker could send specially crafted XML which, when parsed by an application using the Expat library, would cause that application to stop responding or possibly run arbitrary code with the permission of the user running the application.
BIG-IP ASM control plane
An authenticated user with the relevant privileges, such as Web Application Security Editor, can exploit the vulnerability and gain full control of the system.
big3d/gtmd
The big3d/gtmd processes may be exposed to this vulnerability over the management port and self IP addresses when thePort Lockdownsetting is set toDefault,All, orCustomwith TCP port 4353 included. The impact for thebig3dprocess is a temporary disruption in the communication between peer systems until the system automatically restarts thebig3d process.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip afm | eq | 11.4.1 | |
big-ip afm | eq | 11.5.0 | |
big-ip afm | eq | 11.5.1 | |
big-ip afm | eq | 11.5.2 | |
big-ip afm | eq | 11.5.3 | |
big-ip afm | eq | 11.5.4 | |
big-ip afm | eq | 11.5.5 | |
big-ip afm | eq | 11.5.6 | |
big-ip afm | eq | 11.5.7 | |
big-ip afm | eq | 11.6.0 |