Sign In

CVE-2017-1000365

ADVISORY - nist

Summary

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

EPSS Score: 0.00082 (0.250)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo

ADVISORY - redhat

CWE-20

Improper Input Validation

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2017-1000365
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-noinfo

CVSS SCORE

7.8high

Debian

CREATED

UPDATED

ADVISORY IDCVE-2017-1000365
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2017-1000365
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8medium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2017-1000365
EXPLOITABILITY SCORE

1.4

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-20

CVSS SCORE

2.9low

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2017-3609
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2017-3621
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2017-3622
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Ahigh

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2017-1000365
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY