CVE-2017-1000376
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
libffi solicita una pila ejecutable que permite que los atacantes desencadenen con más facilidad la ejecución de código arbitrario sobrescribiendo la pila. Se debe tener en cuenta que libffi es empleado por otras bibliotecas. Antes se dijo que esto afecta a la versión 3.2.1 de libffi, pero parece ser incorrecto. libffi en versiones anteriores a la 3.1 en sistemas x86 de 32 bits era vulnerable y se cree que upstream ha solucionado este problema en la versión 3.1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-19 CVE Reserved
- 2017-06-19 CVE Published
- 2023-09-23 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://access.redhat.com/security/cve/CVE-2017-1000376 | Third Party Advisory | |
| https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory |
|
| https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | Mailing List |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.debian.org/security/2017/dsa-3889 | 2023-09-22 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Enterprise Virtualization Server Search vendor "Redhat" for product "Enterprise Virtualization Server" | - | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Search vendor "Redhat" for product "Openshift" | 2.0 Search vendor "Redhat" for product "Openshift" and version "2.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Libffi Project Search vendor "Libffi Project" | Libffi Search vendor "Libffi Project" for product "Libffi" | < 3.2 Search vendor "Libffi Project" for product "Libffi" and version " < 3.2" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Peopletools Search vendor "Oracle" for product "Peopletools" | 8.56 Search vendor "Oracle" for product "Peopletools" and version "8.56" | - |
Affected
| ||||||
| Oracle Search vendor "Oracle" | Peopletools Search vendor "Oracle" for product "Peopletools" | 8.57 Search vendor "Oracle" for product "Peopletools" and version "8.57" | - |
Affected
| ||||||