libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.
References
Link | Resource |
---|---|
http://www.debian.org/security/2017/dsa-3889 | Third Party Advisory |
https://access.redhat.com/security/cve/CVE-2017-1000376 | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujan2020.html | Third Party Advisory |
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt | Mailing List Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
22 Sep 2023, 18:25
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:* cpe:2.3:a:libffi_project:libffi:*:*:*:*:*:*:*:* cpe:2.3:a:oracle:peopletools:8.57:*:*:*:*:*:*:* |
|
First Time |
Libffi Project
Oracle peopletools Oracle Libffi Project libffi |
|
References | (MISC) https://www.oracle.com/security-alerts/cpujan2020.html - Third Party Advisory |
Information
Published : 2017-06-19 16:29
Updated : 2024-02-28 16:04
NVD link : CVE-2017-1000376
Mitre link : CVE-2017-1000376
CVE.ORG link : CVE-2017-1000376
JSON object : View
Products Affected
debian
- debian_linux
libffi_project
- libffi
redhat
- openshift
- enterprise_linux
- enterprise_virtualization_server
oracle
- peopletools
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer