CVE-2017-3893

EPSS 0.21%
Published 14.11.2017 21:29:00
Last modified 22.07.2025 16:15:24
Source secure@blackberry.com
Teams watchlist Login
Open Login

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Blackberry ≫ Qnx Software Development Platform Version6.6.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.21%	0.429

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P
secure@blackberry.com	1.9	0.5	1.4	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

CWE-693 Protection Mechanism Failure

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

http://support.blackberry.com/kb/articleDetail?articleNumber=000046674

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2017-3893

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-3893

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-3893

EUVD