CVE-2017-1000365
HIGH 7.8
Description
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
CVE Details
CVSS v3.1 Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 6/19/2017
Last Modified: 4/20/2025
Source: nvd
Honeypot Sightings: 0
Affected Products
linux:linux_kernel
References
http://www.debian.org/security/2017/dsa-3927 (cve@mitre.org)
http://www.debian.org/security/2017/dsa-3945 (cve@mitre.org)
http://www.securityfocus.com/bid/99156 (cve@mitre.org)
https://access.redhat.com/security/cve/CVE-2017-1000365 (cve@mitre.org)
http://www.debian.org/security/2017/dsa-3927 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2017/dsa-3945 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/99156 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2017-1000365 (af854a3a-2127-422b-91ae-364da2661108)
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.