CVE-2017-1000373 - OpenCVE

The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Openbsd	Openbsd

Configuration 1 [-]

cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/bid/99177
http://www.securitytracker.com/id/1039427
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup
https://support.apple.com/HT208112
https://support.apple.com/HT208113
https://support.apple.com/HT208115
https://support.apple.com/HT208144
https://www.exploit-db.com/exploits/42271/
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-06-19T16:00:00

Updated: 2024-08-05T22:00:40.943Z

Reserved: 2017-06-19T00:00:00

Link: CVE-2017-1000373

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-06-19T16:29:00.497

Modified: 2017-10-24T01:29:01.623

Link: CVE-2017-1000373

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-06-19T00:00:00", "descriptions": [{"lang": "en", "value": "The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-23T00:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "42271", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42271/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208144"}, {"tags": ["x_refsource_MISC"], "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}, {"tags": ["x_refsource_MISC"], "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup"}, {"name": "99177", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/99177"}, {"name": "1039427", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039427"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208113"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208112"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/HT208115"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-1000373", "REQUESTER": "qsa@qualys.com", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "42271", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42271/"}, {"name": "https://support.apple.com/HT208144", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208144"}, {"name": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt", "refsource": "MISC", "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}, {"name": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup", "refsource": "MISC", "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup"}, {"name": "99177", "refsource": "BID", "url": "http://www.securityfocus.com/bid/99177"}, {"name": "1039427", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039427"}, {"name": "https://support.apple.com/HT208113", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208113"}, {"name": "https://support.apple.com/HT208112", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208112"}, {"name": "https://support.apple.com/HT208115", "refsource": "CONFIRM", "url": "https://support.apple.com/HT208115"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T22:00:40.943Z"}, "title": "CVE Program Container", "references": [{"name": "42271", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42271/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208144"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup"}, {"name": "99177", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/99177"}, {"name": "1039427", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039427"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208113"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208112"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/HT208115"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-1000373", "datePublished": "2017-06-19T16:00:00", "dateReserved": "2017-06-19T00:00:00", "dateUpdated": "2024-08-05T22:00:40.943Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:openbsd:openbsd:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F5FE30D-1E1E-4811-8263-EAFB651FF144", "versionEndIncluding": "6.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions."}, {"lang": "es", "value": "La funci\u00f3n qsort() de OpenBSD es recursiva y no aleatorizada, por lo que un atacante puede construir un array de entrada patol\u00f3gica de elementos N que provoca que qsort() se repita inevitablemente N/4 veces. Esto permite que los atacantes consuman cantidades de memoria de pila arbitrarias y manipulen la memoria de pila para ayudar en los ataques de ejecuci\u00f3n de c\u00f3digo arbitrario. Esto afecta a OpenBSD 6.1 y, posiblemente, a versiones anteriores."}], "id": "CVE-2017-1000373", "lastModified": "2017-10-24T01:29:01.623", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-06-19T16:29:00.497", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/99177"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1039427"}, {"source": "cve@mitre.org", "tags": ["Mitigation", "Third Party Advisory"], "url": "https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/qsort.c?rev=1.15&content-type=text/x-cvsweb-markup"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208112"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208113"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208115"}, {"source": "cve@mitre.org", "url": "https://support.apple.com/HT208144"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/42271/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}