libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
References
Link | Resource |
---|---|
http://www.debian.org/security/2017/dsa-3889 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2017-1000376 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory |
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
22 Sep 2023, 18:25
Type | Values Removed | Values Added |
---|---|---|
First Time |
Oracle peopletools
Oracle Libffi Project libffi Libffi Project |
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory | |
CPE | cpe:2.3:a:libffi_project:libffi:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:oracle:peopletools:8.57:*:*:*:*:*:*:* |
Information
Published : 2017-06-19 16:29
Updated : 2023-12-10 12:15
NVD link : CVE-2017-1000376
Mitre link : CVE-2017-1000376
CVE.ORG link : CVE-2017-1000376
JSON object : View
Products Affected
redhat
- enterprise_linux
- openshift
- enterprise_virtualization_server
libffi_project
- libffi
oracle
- peopletools
debian
- debian_linux
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer