Vulnerability Description
The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openbsd | <= 6.1 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/99177Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039427
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&cMitigationThird Party Advisory
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
- https://support.apple.com/HT208144
- https://www.exploit-db.com/exploits/42271/
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txtThird Party Advisory
- http://www.securityfocus.com/bid/99177Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039427
- https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&cMitigationThird Party Advisory
- https://support.apple.com/HT208112
- https://support.apple.com/HT208113
- https://support.apple.com/HT208115
FAQ
What is CVE-2017-1000373?
CVE-2017-1000373 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allow...
How severe is CVE-2017-1000373?
CVE-2017-1000373 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-1000373?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openbsd.