Vulnerability Details : CVE-2017-1084
Potential exploit
In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.
Vulnerability category: Overflow
Products affected by CVE-2017-1084
- cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-1084
35.96%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 97 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-1084
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST | |
|
7.5
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2017-1084
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-1084
-
https://www.exploit-db.com/exploits/42277/
FreeBSD - 'FGPU' Stack Clash (PoC)Third Party Advisory;VDB Entry
-
https://www.exploit-db.com/exploits/42278/
FreeBSD - 'FGPE' Stack Clash (PoC)Third Party Advisory;VDB Entry
-
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Exploit;Technical Description;Third Party Advisory
Jump to