Home > Vulnerability Database > CVE-2017-1000377

Mend.io Vulnerability Database

CVE-2017-1000377

Date: June 19, 2017

An issue was discovered in the size of the default stack guard page on PAX Linux (originally from GRSecurity but shipped by other Linux vendors), specifically the default stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects PAX Linux Kernel versions as of June 19, 2017 (specific version information is not available at this time).

Language: Unix

Severity Score

5.9

Related Resources (5)

Url: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt

Url: http://www.securityfocus.com/bid/99129

Url: https://access.redhat.com/security/cve/CVE-2017-1000377

Url: https://nvd.nist.gov/vuln/detail/CVE-2017-1000377

Url: https://www.mend.io/vulnerability-database/CVE-2017-1000377

Severity Score

5.9

Weakness Type (CWE)

Buffer Errors

CWE-119

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	4.6
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2017-1000377

Date: June 19, 2017

Language: Unix

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?