Information Disclosure Vulnerability in BlackBerry QNX Software Development Platform
CVE-2017-9369

3.8LOW

Key Information:

Vendor

Blackberry

Status
Qnx Software Development Platform (sdp)
Vendor
CVE Published:
14 November 2017

What is CVE-2017-9369?

The BlackBerry QNX Software Development Platform (SDP) versions 6.6.0 and 6.5.0 SP1, along with earlier releases, contain an information disclosure vulnerability. This flaw allows attackers to exploit the default configuration to reveal sensitive information regarding the memory layout of more privileged processes. By manipulating specific environment variables that influence the loader, an attacker can gain unauthorized insights into the system's memory structure. It is crucial to address this vulnerability to mitigate the risk of potential data leaks and enhance overall security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

QNX Software Development Platform (SDP) 6.6.0

QNX Software Development Platform (SDP) 6.5.0 SP1 and earlier

References

http://support.blackberry.com/kb/articleDetail?articleNum...
x_refsource_CONFIRM

CVSS V3.1

Score:
3.8
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.