CVE-2017-1000373 Information

Description

The OpenBSD qsort() function is recursive and not randomized an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

Reference

http://www.securityfocus.com/bid/99177 http://www.securitytracker.com/id/1039427 https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup https://support.apple.com/HT208112 https://support.apple.com/HT208113 https://support.apple.com/HT208115 https://support.apple.com/HT208144 https://www.exploit-db.com/exploits/42271/ https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

LOW

Base Severity

6.5