CVE-2017-1084
published 2018-09-12CVE-2017-1084: In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results…
PriorityP356high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
EXPLOIT
EPSS
15.34%
96.4th percentile
In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | < 11.2 | 11.2 |
| freebsd | freebsd | — | — |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
FreeBSD - 'FGPE' Stack Clash (PoC)
exploitdb·2017-06-28·CVSS 7.5
CVE-2017-1084 [HIGH] FreeBSD - 'FGPE' Stack Clash (PoC)
FreeBSD - 'FGPE' Stack Clash (PoC)
---
/*
* FreeBSD_CVE-2017-FGPE.c for CVE-2017-1084 (please compile with -O0)
* Copyright (C) 2017 Qualys, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#include
#include
#include
#include
Exploit-DB
FreeBSD - 'FGPU' Stack Clash (PoC)
exploitdb·2017-06-28·CVSS 7.5
CVE-2017-1084 [HIGH] FreeBSD - 'FGPU' Stack Clash (PoC)
FreeBSD - 'FGPU' Stack Clash (PoC)
---
/*
* FreeBSD_CVE-2017-FGPU.c for CVE-2017-1084 (please compile with -O0)
* Copyright (C) 2017 Qualys, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see .
*/
#include
#include
#include
#include
#include
No writeups or analysis indexed.
2018-09-12
Published