Vulnerability CVE-2017-1000376


Published: 2017-06-19

Description:
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

Type:

CWE-119

(Improper Restriction of Operations within the Bounds of a Memory Buffer)

CVSS2 => (AV:L/AC:M/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.9/10
10/10
3.4/10
Exploit range
Attack complexity
Authentication
Local
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Enterprise virtualization server 
Redhat -> Openshift 
Redhat -> Enterprise linux 
Debian -> Debian linux 

 References:
http://www.debian.org/security/2017/dsa-3889
https://access.redhat.com/security/cve/CVE-2017-1000376
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Copyright 2024, cxsecurity.com

 

Back to Top