CVE-2017-1000365
HIGH 7.8
Description
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
CVE details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 6/19/2017
Last modified: 4/20/2025
Source: nvd
Honeypot sightings: 0
Affected products
linux:linux_kernel
References
http://www.debian.org/security/2017/dsa-3927 (cve@mitre.org)
http://www.debian.org/security/2017/dsa-3945 (cve@mitre.org)
http://www.securityfocus.com/bid/99156 (cve@mitre.org)
https://access.redhat.com/security/cve/CVE-2017-1000365 (cve@mitre.org)
http://www.debian.org/security/2017/dsa-3927 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2017/dsa-3945 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/99156 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2017-1000365 (af854a3a-2127-422b-91ae-364da2661108)
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.