exploitDog

CVE-2017-6198

Опубликовано: 06 фев. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 6.8

EPSS Низкий

Описание

The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.

Ссылки

https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/
Exploit
Third Party Advisory
https://github.com/sandstorm-io/sandstorm/blob/v0.202/src/sandstorm/supervisor.c++#L824
Vendor Advisory
https://devco.re/blog/2018/01/26/Sandstorm-Security-Review-CVE-2017-6200-en/
Exploit
Third Party Advisory
https://github.com/sandstorm-io/sandstorm/blob/v0.202/src/sandstorm/supervisor.c++#L824
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sandstorm:sandstorm:*:*:*:*:*:*:*:*

Версия до 0.203 (исключая)

EPSS

Процентиль: 69%

0.00604

Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-9jf5-h94c-4h3g

CVSS3: 6.5

github

больше 3 лет назад

The Supervisor in Sandstorm doesn't set and enforce the resource limits of a process. This allows remote attackers to cause a denial of service by launching a fork bomb in the sandbox, or by using a large amount of disk space.

EPSS

Процентиль: 69%

0.00604

Низкий

6.5 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-400