Back to search
CVE-2017-1000365
Published: Jun 19, 2017
Modified: Aug 5, 2024
PUBLISHED
Description
The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
DSA-3927
vendor-advisory
x_refsource_DEBIAN
99156
vdb-entry
x_refsource_BID
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
x_refsource_MISC
DSA-3945
vendor-advisory
x_refsource_DEBIAN
https://access.redhat.com/security/cve/CVE-2017-1000365
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now