Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-1000373Uncontrolled Resource Consumption in Openbsd

CWE-400Uncontrolled Resource Consumption8 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
17.0%
top 5.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Openbsd
Timeline
PublishedJun 19
Latest updateMay 17

Description

The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:LExploitability: 3.9 | Impact: 2.5

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-wcg9-65qx-c5vj: The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort()2022-05-17
CVEList
CVE-2017-1000373: The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort()2017-06-19

💥Exploits & PoCs

1
Exploit-DB
OpenBSD - 'at Stack Clash' Local Privilege Escalation2017-06-28

📋Vendor Advisories

4
Apple
CVE-2017-1000373: macOS High Sierra 10.132017-09-25
Apple
CVE-2017-1000373: iOS 112017-09-19
Apple
CVE-2017-1000373: tvOS 112017-09-19
Apple
CVE-2017-1000373: watchOS 42017-09-19