Vulnerability Details : CVE-2017-1000375
Potential exploit
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
Vulnerability category: Overflow
Products affected by CVE-2017-1000375
- cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1000375
38.41%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1000375
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST | |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2017-1000375
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1000375
-
https://www.exploit-db.com/exploits/42272/
NetBSD - 'Stack Clash' (PoC)
-
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Exploit;Third Party Advisory
-
http://www.securityfocus.com/bid/99257
NetBSD CVE-2017-1000375 Arbitrary Code Execution VulnerabilityThird Party Advisory;VDB Entry
Jump to