CVE-2017-1000376

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:redhat:enterprise_virtualization_server:-:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:libffi_project:libffi:*:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peopletools:8.57:*:*:*:*:*:*:*

History

22 Sep 2023, 18:25

Type Values Removed Values Added
CPE cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:*
cpe:2.3:a:libffi_project:libffi:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:peopletools:8.57:*:*:*:*:*:*:*
First Time Libffi Project
Oracle peopletools
Oracle
Libffi Project libffi
References (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory

Information

Published : 2017-06-19 16:29

Updated : 2024-02-28 16:04


NVD link : CVE-2017-1000376

Mitre link : CVE-2017-1000376

CVE.ORG link : CVE-2017-1000376


JSON object : View

Products Affected

debian

  • debian_linux

libffi_project

  • libffi

redhat

  • openshift
  • enterprise_linux
  • enterprise_virtualization_server

oracle

  • peopletools
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer