CVE-2017-1082
HIGHFreeBSD 10.0-10.4 - Denial of Service via qsort Recursion Pattern
Title source: llmDescription
In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.
References (1)
Core 1
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Scores
CVSS v3
7.5
EPSS
0.0054
EPSS Percentile
67.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-20
Status
published
Products (1)
freebsd/freebsd
10.0 - 10.4
Published
Sep 12, 2018
Tracked Since
Feb 18, 2026