CVE-2017-1084

HIGH

Freebsd < 11.2 - Memory Corruption

Title source: rule

Description

In FreeBSD before 11.2-RELEASE, multiple issues with the implementation of the stack guard-page reduce the protections afforded by the guard-page. This results in the possibility a poorly written process could be cause a stack overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Qualys Corporation · cdosfreebsd_x86

https://www.exploit-db.com/exploits/42277

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Qualys Corporation · cdosfreebsd_x86

https://www.exploit-db.com/exploits/42278

View Code ZIP pw:eip

References (3)

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42277/

[Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/42278/

[Exploit, Technical Description, Third Party Advisory] https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Scores

CVSS v3 7.5

EPSS 0.2445

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-119

Status published

Products (1)

freebsd/freebsd < 11.2

Published Sep 12, 2018

Tracked Since Feb 18, 2026