High severity7.0NVD Advisory· Published Jun 19, 2017· Updated May 13, 2026

CVE-2017-1000376

Description

libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1.

Affected products

Libffi Project/Libffi
cpe:2.3:a:libffi_project:libffi:*:*:*:*:*:*:*:*
Range: <3.2
Oracle Corporation/Peopletools2 versions
cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:peopletools:8.56:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:peopletools:8.57:*:*:*:*:*:*:*
Red Hat/Enterprise Virtualization Server
cpe:2.3:a:redhat:enterprise_virtualization_server:-:*:*:*:*:*:*:*
Red Hat/Openshift
cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Red Hat/Enterprise Linux2 versions
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.debian.org/security/2017/dsa-3889nvdThird Party Advisory
access.redhat.com/security/cve/CVE-2017-1000376nvdThird Party Advisory
www.oracle.com/security-alerts/cpujan2020.htmlnvdThird Party Advisory
www.qualys.com/2017/06/19/stack-clash/stack-clash.txtnvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000