CVE-2017-1000365

Source
https://nvd.nist.gov/vuln/detail/CVE-2017-1000365
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-1000365.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2017-1000365
Downstream
Related
Published
2017-06-19T16:29:00Z
Modified
2025-08-09T20:01:25Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMITSTACK/RLIMINFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.

References

Affected packages