Vulnerability Description
The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netbsd | Netbsd | <= 7.1 |
Related Weaknesses (CWE)
References
- http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/qsort.c?rev=1.23&contentThird Party Advisory
- http://www.securityfocus.com/bid/99255Third Party AdvisoryVDB Entry
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txtThird Party Advisory
- http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/qsort.c?rev=1.23&contentThird Party Advisory
- http://www.securityfocus.com/bid/99255Third Party AdvisoryVDB Entry
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txtThird Party Advisory
FAQ
What is CVE-2017-1000378?
CVE-2017-1000378 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The NetBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows...
How severe is CVE-2017-1000378?
CVE-2017-1000378 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-1000378?
Check the references section above for vendor advisories and patch information. Affected products include: Netbsd Netbsd.