CVE-2017-8703 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Corporation Windows Subsystem FOR Linux

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer10 documents6 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 37.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Corporation Windows Subsystem FOR Linux Microsoft Windows 10 Msrc Windows 10 Version 1703 FOR X64-based Systems

Timeline

PublishedOct 13

Latest updateMay 17

Description

The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in memory, aka "Windows Subsystem for Linux Denial of Service Vulnerability".

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

▶CVEListV5microsoft_corporation/windows_subsystem_for_linuxMicrosoft Windows 10 1703

▶NVDmicrosoft/windows_101703

▶msrcmsrc/windows_10_version_1703_for_x64-based_systems

Patches

Patch: portal.msrc.microsoft.com ↗Patch: portal.msrc.microsoft.com ↗

🔴Vulnerability Details

GHSA

GHSA-532m-9cc8-mggr: The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 allows a denial of service vulnerability when it improperly handles objects in↗2022-05-17

▶

📋Vendor Advisories

Microsoft

Windows Subsystem for Linux Denial of Service Vulnerability↗2017-10-10

▶

🕵️Threat Intelligence

Krebs

Microsoft’s October Patch Batch Fixes 62 Flaws↗2017-10-11

▶

Krebs

Microsoft’s October Patch Batch Fixes 62 Flaws↗2017-10-11

▶

Talos

Microsoft Patch Tuesday - October 2017↗2017-10-10

▶

💬Community

Bugzilla

CVE-2017-14159 openldap: Privilege escalation via PID file manipulation↗2017-09-06

▶

Bugzilla

CVE-2016-8685 CVE-2016-8686 CVE-2016-8694 CVE-2016-8695 CVE-2016-8696 CVE-2016-8697 CVE-2016-8698 CVE-2016-8699 CVE-2016-8700 CVE-2016-8701 CVE-2016-8702 CVE-2016-8703 CVE-2017-7263 potrace: Multiple ↗2016-10-17

▶