| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2017-1000377 | 119 | | Overflow Bypass | 2017-06-19 | 2017-07-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors): the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed). This affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time). |
| 2 | CVE-2017-1000376 | 119 | | Exec Code Overflow | 2017-06-19 | 2020-01-15 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. |
| 3 | CVE-2017-1000375 | 119 | | Exec Code Overflow | 2017-06-19 | 2017-08-12 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled; this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions. |
| 4 | CVE-2017-1000366 | 119 | | Exec Code Overflow | 2017-06-19 | 2020-10-15 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier. |
| 5 | CVE-2017-1000364 | 119 | | Overflow Bypass | 2017-06-19 | 2018-10-18 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | An issue was discovered in the size of the stack guard page on Linux: a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed). This affects Linux Kernel versions 4.11.5 and earlier (the stack guard page was introduced in 2010). |
| 6 | CVE-2017-1000363 | 787 | | Overflow | 2017-07-17 | 2023-01-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that the parport_ptr integer is static, a 'secure boot' kernel command line adversary (can happen due to bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a vulnerability the adversary has partial control over the command line) can overflow the parport_nr array in the following code, by appending many (>LP_NO) 'lp=none' arguments to the command line. |
| 7 | CVE-2017-1000257 | 119 | | Overflow | 2017-10-31 | 2018-11-13 | 6.4 | None | Remote | Low | Not required | Partial | None | Partial | An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl's deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded. |
| 8 | CVE-2017-1000254 | 119 | | Overflow | 2017-10-06 | 2021-06-29 | 5.0 | None | Remote | Low | Not required | None | None | Partial | libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients from working with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this issue has remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote. |
| 9 | CVE-2017-1000253 | 119 | | Overflow | 2017-10-05 | 2023-01-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (committed on April 14, 2015). This kernel vulnerability was fixed in April 2015 by commit a87938b2e246b81b4fb713edb371a9fa3c5c3c86 (backported to Linux 3.10.77 in May 2015), but it was not recognized as a security threat. With CONFIG_ARCH_BINFMT_ELF_RANDOMIZE_PIE enabled, and a normal top-down address allocation strategy, load_elf_binary() will attempt to map a PIE binary into an address range immediately below mm->mmap_base. Unfortunately, load_elf_binary() does not take account of the need to allocate sufficient space for the entire binary, which means that, while the first PT_LOAD segment is mapped below mm->mmap_base, the subsequent PT_LOAD segment(s) end up being mapped above mm->mmap_base into the area that is supposed to be the "gap" between the stack and the binary. |
| 10 | CVE-2017-1000251 | 787 | | Exec Code Overflow | 2017-09-12 | 2023-01-19 | 7.7 | None | Local Network | Low | ??? | Complete | Complete | Complete | The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, is vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space. |
| 11 | CVE-2017-1000249 | 119 | | Overflow | 2017-09-11 | 2017-11-08 | 2.1 | None | Local | Low | Not required | None | Partial | None | An issue in file() introduced in commit 9611f31313a93aa036389c5f3b15eea53510d4d1 (Oct 2016) lets an attacker overwrite a fixed 20 bytes stack buffer with a specially crafted .notes section in an ELF binary. This was fixed in commit 35c94dc6acc418f1ad7f6241a6680e5327495793 (Aug 2017). |
| 12 | CVE-2017-1000229 | 190 | | DoS Exec Code Overflow | 2017-11-17 | 2019-05-06 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 allows an attacker to remotely execute code or cause denial of service. |
| 13 | CVE-2017-1000218 | 119 | | DoS Exec Code Overflow | 2017-11-17 | 2017-11-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | LightFTP version 1.1 is vulnerable to a buffer overflow in the "writelogentry" function resulting in a denial of service or remote code execution. |
| 14 | CVE-2017-1000210 | 119 | | DoS Exec Code Overflow | 2017-11-17 | 2017-11-29 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to a stack buffer overflow resulting in code execution or a denial of service attack. |
| 15 | CVE-2017-1000206 | 119 | | Exec Code Overflow | 2017-11-17 | 2017-12-01 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | samtools htslib library version 1.4.0 and earlier is vulnerable to a buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution. |
| 16 | CVE-2017-1000198 | 119 | | DoS Overflow | 2017-11-17 | 2017-12-02 | 5.0 | None | Remote | Low | Not required | None | None | Partial | tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid memory references in the handler_glfs.so handler resulting in denial of service. |
| 17 | CVE-2017-1000187 | 119 | | Overflow | 2017-11-17 | 2017-11-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In SWFTools, an address access exception was found in pdf2swf FoFiTrueType::writeTTF(). |
| 18 | CVE-2017-1000186 | 119 | | Overflow | 2017-11-17 | 2017-11-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In SWFTools, a stack overflow was found in pdf2swf. |
| 19 | CVE-2017-1000185 | 119 | | Overflow | 2017-11-17 | 2017-11-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In SWFTools, a memcpy buffer overflow was found in gif2swf. |
| 20 | CVE-2017-1000176 | 119 | | Overflow | 2017-11-17 | 2017-11-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In SWFTools, a memcpy buffer overflow was found in swfc. |
| 21 | CVE-2017-1000174 | 119 | | Overflow | 2017-11-17 | 2017-11-27 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In SWFTools, an address access exception was found in swfdump swf_GetBits(). |
| 22 | CVE-2017-1000173 | 125 | | Exec Code Overflow | 2017-11-17 | 2019-10-03 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop while pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow. |
| 23 | CVE-2017-1000158 | 190 | | Exec Code Overflow | 2017-11-17 | 2023-02-16 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow in the PyString_DecodeEscape function in stringobject.c, resulting in a heap-based buffer overflow (and possible arbitrary code execution). |
| 24 | CVE-2017-1000127 | 119 | | Overflow | 2017-11-17 | 2017-11-29 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Exiv2 0.26 contains a heap buffer overflow in the tiff parser. |
| 25 | CVE-2017-1000121 | 190 | | Overflow | 2017-11-01 | 2017-11-21 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, does not properly validate message size metadata, allowing a compromised secondary process to trigger an integer overflow and subsequent buffer overflow in the UI process. This vulnerability does not affect Apple products. |
| 26 | CVE-2017-1000118 | 119 | | DoS Overflow | 2017-10-05 | 2017-10-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Akka HTTP versions <= 10.0.5: an illegal media range in the Accept header causes a StackOverflowError leading to denial of service. |
| 27 | CVE-2017-1000101 | 119 | | Overflow | 2017-10-05 | 2018-11-13 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`. |
| 28 | CVE-2017-1000075 | 119 | | Overflow | 2017-07-17 | 2017-07-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. |
| 29 | CVE-2017-1000074 | 119 | | Overflow | 2017-07-17 | 2017-07-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. |
| 30 | CVE-2017-1000073 | 119 | | Exec Code Overflow | 2017-07-17 | 2017-07-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary code execution. |
| 31 | CVE-2017-1000044 | 119 | | Overflow Mem. Corr. | 2017-07-17 | 2017-07-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly when updating the framebuffer, which may lead to memory corruption when rendering. |
| 32 | CVE-2017-17968 | 119 | | Exec Code Overflow | 2017-12-29 | 2018-01-16 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A buffer overflow vulnerability in NetTransport.exe in NetTransport Download Manager 2.96L and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long HTTP response. |
| 33 | CVE-2017-17932 | 119 | | DoS Exec Code Overflow | 2017-12-28 | 2019-05-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ALLMediaServer 0.95 and earlier that could allow remote attackers to execute arbitrary code and/or cause denial of service on the victim machine/computer via a long string to TCP port 888. |
| 34 | CVE-2017-17866 | 119 | | DoS Overflow | 2017-12-27 | 2019-03-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain length changes when a repair operation occurs during a clean operation, which allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a crafted PDF document. |
| 35 | CVE-2017-17863 | 190 | | DoS Overflow | 2017-12-27 | 2018-03-16 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not check the relationship between pointer values and the BPF stack, which allows local users to cause a denial of service (integer overflow or invalid memory access) or possibly have unspecified other impact. |
| 36 | CVE-2017-17857 | 119 | | DoS Overflow Mem. Corr. | 2017-12-27 | 2023-02-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations. |
| 37 | CVE-2017-17856 | 119 | | DoS Overflow Mem. Corr. | 2017-12-27 | 2023-02-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement. |
| 38 | CVE-2017-17855 | 119 | | DoS Overflow Mem. Corr. | 2017-12-27 | 2023-02-24 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars. |
| 39 | CVE-2017-17854 | 190 | | DoS Overflow Mem. Corr. | 2017-12-27 | 2023-02-07 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic. |
| 40 | CVE-2017-17853 | 119 | | DoS Overflow Mem. Corr. | 2017-12-27 | 2023-01-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations. |
| 41 | CVE-2017-17852 | 119 | | DoS Overflow Mem. Corr. | 2017-12-27 | 2023-01-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops. |
| 42 | CVE-2017-17849 | 119 | | Exec Code Overflow | 2017-12-27 | 2018-07-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 and earlier could allow remote HTTP servers to execute arbitrary code on NAS devices via a long response. |
| 43 | CVE-2017-17840 | 119 | | Exec Code Overflow | 2017-12-27 | 2018-01-11 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation. |
| 44 | CVE-2017-17821 | 119 | | DoS Overflow | 2017-12-21 | 2018-01-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology Preview Release 46, allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact because it calls the FastBitVectorWordOwner::resizeSlow function (in WTF/wtf/FastBitVector.cpp) for a purpose other than initializing a bitvector size, and resizeSlow mishandles cases where the old array length is greater than the new array length. |
| 45 | CVE-2017-17811 | 119 | | DoS Overflow | 2017-12-21 | 2019-03-26 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer overflow that will cause a remote denial of service attack, related to a strcpy in paste_tokens in asm/preproc.c, a similar issue to CVE-2017-11111. |
| 46 | CVE-2017-17806 | 787 | | Overflow | 2017-12-20 | 2023-01-19 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The HMAC implementation (crypto/hmac.c) in the Linux kernel before 4.14.8 does not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization. |
| 47 | CVE-2017-17789 | 787 | | Overflow | 2017-12-20 | 2022-02-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In GIMP 2.8.22, there is a heap-based buffer overflow in read_channel_data in plug-ins/common/file-psp.c. |
| 48 | CVE-2017-17785 | 787 | | Overflow | 2017-12-20 | 2022-02-07 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | In GIMP 2.8.22, there is a heap-based buffer overflow in the fli_read_brun function in plug-ins/file-fli/fli.c. |
| 49 | CVE-2017-17760 | 119 | | Overflow | 2017-12-29 | 2021-12-16 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | OpenCV 3.3.1 has a buffer overflow in the cv::PxMDecoder::readData function in grfmt_pxm.cpp, because an incorrect size value is used. |
| 50 | CVE-2017-17740 | 119 | | DoS Overflow | 2017-12-18 | 2022-06-13 | 5.0 | None | Remote | Low | Not required | None | None | Partial | contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both the nops module and the memberof overlay are enabled, attempts to free a buffer that was allocated on the stack, which allows remote attackers to cause a denial of service (slapd crash) via a member MODDN operation. |