CVE-2017-1000365
HIGH 7.8
Description
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
CVE details
CVSS v3.1 score: 7.8
Severity: HIGH
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: NONE
Published: 6/19/2017
Last modified: 4/20/2025
Source: nvd
Honeypot sightings: 0
Affected products
linux:linux_kernel
References
http://www.debian.org/security/2017/dsa-3927 (cve@mitre.org)
http://www.debian.org/security/2017/dsa-3945 (cve@mitre.org)
http://www.securityfocus.com/bid/99156 (cve@mitre.org)
https://access.redhat.com/security/cve/CVE-2017-1000365 (cve@mitre.org)
http://www.debian.org/security/2017/dsa-3927 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2017/dsa-3945 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/99156 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/security/cve/CVE-2017-1000365 (af854a3a-2127-422b-91ae-364da2661108)
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.