CVE-2017-1000376 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Project Libffi
CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer13 documents9 sources
Severity
7.0HIGHNVD
EPSS
0.5%
top 33.72%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedJun 19
Latest updateMay 13
Description
libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
CVSS vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9
Affected Packages3 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 6.0, 7.0
🔴Vulnerability Details
3GHSA▶
GHSA-8jcm-439f-pj4q: libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack↗2022-05-13
CVEList▶
CVE-2017-1000376: libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack↗2017-06-19
OSV▶
CVE-2017-1000376: libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack↗2017-06-19
📋Vendor Advisories
5Debian▶
CVE-2017-1000376: libffi - libffi requests an executable stack allowing attackers to more easily trigger ar...↗2017
💬Community
4Bugzilla
▶