Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-1082

In FreeBSD 11.x before 11.1-RELEASE and 10.x before 10.4-RELEASE, the qsort algorithm has a deterministic recursion pattern. Feeding a pathological input to the algorithm can lead to excessive stack usage and potential overflow. Applications that use qsort to handle large data set may crash if the input follows the pathological pattern.

Published

2018-09-12T14:29:00.250

Last Modified

2024-11-21T03:21:18.127

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	≤ 10.4	Yes
Operating System	freebsd	freebsd	< 11.1	Yes

References

https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt Exploit, Technical Description, Third Party Advisory ([email protected])
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt Exploit, Technical Description, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)