VYPR

qsort()

by OpenBSD

CVEs (1)

  • CVE-2017-1000373MedJun 19, 2017
    risk 0.46cvss 6.5epss 0.13

    The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack…