PT-2017-16161 · Blackberry · Blackberry Qnx Software Development Platform
Published
2017-11-14
·
Updated
2025-08-26
·
CVE-2017-3892
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
BlackBerry QNX Software Development Platform (SDP) version 6.6.0
Description
The issue is related to an information disclosure vulnerability in the default configuration of the QNX SDP. This vulnerability could allow an attacker to gain information about memory layout, which could be used in a blended attack. The attack involves executing commands that target procfs resources.
Recommendations
For BlackBerry QNX Software Development Platform (SDP) version 6.6.0, consider restricting access to procfs resources as a temporary mitigation measure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Unsafe Debug Access Level
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Blackberry Qnx Software Development Platform