CVE-2017-1000373

Name of the Vulnerable Software and Affected Versions OpenBSD versions 6.1 and earlier

Description The issue concerns the qsort() function in OpenBSD, which is recursive and not randomized. An attacker can create a specific input array that causes the function to recurse a certain number of times, allowing for the consumption of arbitrary amounts of stack memory. This can be used to manipulate stack memory and potentially execute arbitrary code.

Recommendations For OpenBSD version 6.1 and earlier, consider applying a patch or updating to a newer version that addresses this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.