CVE-2017-9369
LOWBlackBerry QNX SDP <=6.6.0/6.5.0SP1 Info Disclosure via Loader Env Var
Title source: llmDescription
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.
References (1)
Core 1
Core References
Mitigation, Vendor Advisory x_refsource_confirm
http://support.blackberry.com/kb/articleDetail?articleNumber=000046674
Scores
CVSS v3
3.8
EPSS
0.0056
EPSS Percentile
42.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (4)
BlackBerry/QNX Software Development Platform (SDP)
6.5.0 SP1 and earlier
BlackBerry/QNX Software Development Platform (SDP)
6.6.0
blackberry/qnx_software_development_platform
6.5.0 (2 CPE variants)
blackberry/qnx_software_development_platform
6.6.0
Published
Nov 14, 2017
Tracked Since
Feb 18, 2026