CVE-2017-9369

LOW

BlackBerry QNX SDP <=6.6.0/6.5.0 SP1 Info Disclosure via Loader Env Var

Description

In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.

References (1)

Core References
Mitigation, Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000046674

Scores

CVSS v3 3.8
EPSS 0.0056
EPSS Percentile 42.5%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (4)
BlackBerry/QNX Software Development Platform (SDP) 6.5.0 SP1 and earlier
BlackBerry/QNX Software Development Platform (SDP) 6.6.0
blackberry/qnx_software_development_platform 6.5.0 (2 CPE variants)
blackberry/qnx_software_development_platform 6.6.0
Published Nov 14, 2017
Tracked Since Feb 18, 2026