CVE-2017-1000376

Published: 19/06/2017 Updated: 22/09/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 615
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

libffi requests an executable stack, allowing malicious users to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1, but this appears to be incorrect. libffi prior to version 3.1 on 32-bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

Vulnerable Product

redhat enterprise virtualization server -

redhat enterprise linux 7.0

redhat enterprise linux 6.0

redhat openshift 2.0

debian debian linux 8.0

debian debian linux 9.0

libffi project libffi

oracle peopletools 8.57

oracle peopletools 8.56

Vendor Advisories

A security issue was fixed in libffi ...
libffi, a library used to call code written in one language from code written in a different language, was enforcing an executable stack on the i386 architecture. While this might not be considered a vulnerability by itself, this could be leveraged when exploiting other vulnerabilities, like for example the stack clash class of vulnerabilities disc ...
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. This affects libffi version 3.2.1 ...