CVE-2017-1000378
CRITICAL
NetBSD - Stack Overflow
Title source: llm
Description
The NetBSD qsort() function is recursive and not randomized; an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects NetBSD 7.1 and possibly earlier versions.
Scores
CVSS v3: 9.8
EPSS: 0.0373
EPSS Percentile: 87.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Classification
CWE: CWE-400
Status: draft
Affected Products (1)
netbsd/netbsd < 7.1
Timeline
Published: Jun 19, 2017
Tracked Since: Feb 18, 2026