CVE-2017-1000375: Buffer Overflow
First published: Mon Jun 19 2017(Updated: )
NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetBSD current | <=7.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2017-1000375?
CVE-2017-1000375 has a high severity as it allows attackers to manipulate memory leading to arbitrary code execution.
How do I fix CVE-2017-1000375?
To fix CVE-2017-1000375, update to a version of NetBSD later than 7.1 that addresses this vulnerability.
What systems are affected by CVE-2017-1000375?
CVE-2017-1000375 affects NetBSD 7.1 and possibly earlier versions.
What is the nature of the vulnerability described in CVE-2017-1000375?
CVE-2017-1000375 is a memory manipulation vulnerability caused by improper mapping of the run-time link-editor.
Can CVE-2017-1000375 be exploited remotely?
Yes, CVE-2017-1000375 can potentially be exploited remotely, which increases its risk.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/netbsd
- canonical/netbsd current
- version/netbsd current/7.1