Date published: 2017-06-19T12:29:00.497-04:00
Date last modified: 2017-10-23T21:29:01.623-04:00
CVSS Score: 6.4
Principal attack vector: NETWORK
Reference URL: http://www.securityfocus.com/bid/99177
Summary: The OpenBSD qsort() function is recursive, and not randomized, an attacker can construct a pathological input array of N elements that causes qsort() to deterministically recurse N/4 times. This allows attackers to consume arbitrary amounts of stack memory and manipulate stack memory to assist in arbitrary code execution attacks. This affects OpenBSD 6.1 and possibly earlier versions.