CVE-2017-1000375

CRITICAL

NetBSD <7.1 - RCE

Title source: llm

Description

NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Qualys Corporation · cdosnetbsd_x86

https://www.exploit-db.com/exploits/42272

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/99257

[Exploit, Third Party Advisory] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/42272/

Scores

CVSS v3 9.8

EPSS 0.3841

EPSS Percentile 97.2%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-119

Status draft

Affected Products (1)

netbsd/netbsd < 7.1

Timeline

Published Jun 19, 2017

Tracked Since Feb 18, 2026