Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2017-1000376

Опубликовано: 19 июн. 2017
Источник: debian
EPSS Низкий

Описание

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
libffifixed3.2.1-4package

Примечания

  • https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d

  • and additionally cf. #751907 for the configure flag.

  • https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

EPSS

Процентиль: 61%
0.00419
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2017-1000376

CVSS3: 7
ubuntu
больше 8 лет назад

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

nvd логотип

CVE-2017-1000376

CVSS3: 7
nvd
больше 8 лет назад

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

suse-cvrf логотип

SUSE-SU-2018:0300-1

suse-cvrf
около 8 лет назад

Security update for gcc43

github логотип

GHSA-8jcm-439f-pj4q

CVSS3: 7
github
больше 3 лет назад

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

fstec логотип

BDU:2018-00006

CVSS3: 7
fstec
больше 8 лет назад

Уязвимость библиотеки libffi, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 61%
0.00419
Низкий