Bug ID 2017137

Bug Tracker
ID 2017137

Bug ID 2017137: pkcs11d Crash Risk Due to Unbounded Label/Password Length from MCPd

Last Modified: Oct 15, 2025

Affected Product(s):
BIG-IP None(all modules)

Fixed In:
17.5.1.2, 17.1.3

Opened: Aug 13, 2025

Severity: 2-Critical

Symptoms

Unexpected behaviour or even a crash of pkcs11d

Impact

Configuring the label or password exceeding the allowed length, it could lead to memory corruption, unexpected behavior, or even a crash of the pkcs11d daemon.

Conditions

Configure the label/password values more than or equal to 32 characters.

Workaround

Configure the values with Len 31 or below.

Fix Information

The daemon now gracefully rejects inputs that exceed the length limit, logs an appropriate error, and exits the operation safely.

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips