CyberSec.Space Logo
Back to CVE Browser

CVE-2017-1000378

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1310%
EPSS Percentile1.65th
PublishedJun 19, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.

Affected Platforms (CPE)

πŸ’»
Netbsd

Netbsd

<= 7.1

References & Advisories

πŸ”— http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/qsort.c?rev=1.23&content-type=text/x-cvsweb-markup
πŸ”— http://www.securityfocus.com/bid/99255
πŸ”— https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
πŸ”— http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/qsort.c?rev=1.23&content-type=text/x-cvsweb-markup
πŸ”— http://www.securityfocus.com/bid/99255
πŸ”— https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Related Vulnerabilities

CVE-2006-430410.0

Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3...

CVE-2000-095210.0

global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metach...

CVE-2017-10003749.8

A flaw exists in NetBSD's implementation of the stack guard page that allows attackers to bypass it resulting in arbitrary code ex...

CVE-2017-10003759.8

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more...