Published: 19/06/2017 Updated: 24/10/2017

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9

VMScore: 645

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows malicious users to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

Vulnerable Product	Search on Vulmon	Subscribe to Product
openbsd openbsd

/* * OpenBSD_atc for CVE-2017-1000373 * Copyright (c) 2017 Qualys, Inc * slowsort() adapted from lib/libc/stdlib/qsortc: * * Copyright (c) 1992, 1993 * The Regents of the University of California All rights reserved * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided tha ...

OpenBSD 'at' local stack clash privilege escalation exploit ...

CWE-400 https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup http://www.securityfocus.com/bid/99177 https://www.exploit-db.com/exploits/42271/http://www.securitytracker.com/id/1039427 https://support.apple.com/HT208144 https://support.apple.com/HT208115 https://support.apple.com/HT208113 https://support.apple.com/HT208112 https://nvd.nist.gov https://www.exploit-db.com/exploits/42271/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2017-1000373

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect