Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2017-1000376

Опубликовано: 19 июн. 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 6.9
CVSS3: 7

Описание

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

РелизСтатусПримечание
artful

not-affected

3.2.1-6
devel

not-affected

3.2.1-6
esm-infra-legacy/trusty

released

3.1~rc1+r3.0.13-12ubuntu0.2
esm-infra/xenial

not-affected

precise/esm

not-affected

3.0.11~rc1-5ubuntu0.1
trusty

released

3.1~rc1+r3.0.13-12ubuntu0.2
trusty/esm

released

3.1~rc1+r3.0.13-12ubuntu0.2
upstream

released

3.2.1-4
vivid/ubuntu-core

ignored

end of life
xenial

not-affected

Показывать по

Ссылки на источники

EPSS

Процентиль: 61%
0.00419
Низкий

6.9 Medium

CVSS2

7 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2017-1000376

CVSS3: 7
nvd
больше 8 лет назад

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

debian логотип

CVE-2017-1000376

CVSS3: 7
debian
больше 8 лет назад

libffi requests an executable stack allowing attackers to more easily ...

suse-cvrf логотип

SUSE-SU-2018:0300-1

suse-cvrf
около 8 лет назад

Security update for gcc43

github логотип

GHSA-8jcm-439f-pj4q

CVSS3: 7
github
больше 3 лет назад

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

fstec логотип

BDU:2018-00006

CVSS3: 7
fstec
больше 8 лет назад

Уязвимость библиотеки libffi, вызванная выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 61%
0.00419
Низкий

6.9 Medium

CVSS2

7 High

CVSS3