{"api_version":"1","generated_at":"2026-04-23T02:57:28+00:00","cve":"CVE-2017-1000375","urls":{"html":"https://cve.report/CVE-2017-1000375","api":"https://cve.report/api/cve/CVE-2017-1000375.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2017-1000375","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000375"},"summary":{"title":"CVE-2017-1000375","description":"NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2017-06-19 16:29:00","updated_at":"2017-08-12 01:29:00"},"problem_types":["CWE-119"],"metrics":[],"references":[{"url":"http://www.securityfocus.com/bid/99257","name":"99257","refsource":"BID","tags":["Third Party Advisory","VDB Entry"],"title":"NetBSD CVE-2017-1000375 Arbitrary Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.exploit-db.com/exploits/42272/","name":"42272","refsource":"EXPLOIT-DB","tags":[],"title":"NetBSD - 'Stack Clash' (PoC) - NetBSD_x86 dos Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt","name":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2017-1000375","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000375","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2017","cve_id":"1000375","vulnerable":"1","versionEndIncluding":"7.1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"netbsd","cpe5":"netbsd","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2017-1000375","REQUESTER":"qsa@qualys.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"42272","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/42272/"},{"name":"99257","refsource":"BID","url":"http://www.securityfocus.com/bid/99257"},{"name":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt","refsource":"MISC","url":"https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt"}]}},"nvd":{"publishedDate":"2017-06-19 16:29:00","lastModifiedDate":"2017-08-12 01:29:00","problem_types":["CWE-119"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:netbsd:netbsd:*:*:*:*:*:*:*:*","versionEndIncluding":"7.1","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2017","CveId":"1000375","Ordinal":"106793","Title":"CVE-2017-1000375","CVE":"CVE-2017-1000375","Year":"2017"},"notes":[{"CveYear":"2017","CveId":"1000375","Ordinal":"1","NoteData":"NetBSD maps the run-time link-editor ld.so directly below the stack region, even if ASLR is enabled, this allows attackers to more easily manipulate memory leading to arbitrary code execution. This affects NetBSD 7.1 and possibly earlier versions.","Type":"Description","Title":null},{"CveYear":"2017","CveId":"1000375","Ordinal":"2","NoteData":"2017-06-19","Type":"Other","Title":"Published"},{"CveYear":"2017","CveId":"1000375","Ordinal":"3","NoteData":"2017-08-11","Type":"Other","Title":"Modified"}]}}}