PT-2017-18880 · Blackberry · Qnx Sdp

Published

2017-11-14

Updated

2025-08-26

CVE-2017-9369

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions BlackBerry QNX Software Development Platform (SDP) versions 6.5.0 SP1 and earlier, 6.6.0

Description An information disclosure issue exists in the default configuration of the QNX SDP, allowing an attacker to gain information about the memory layout of higher privileged processes. This is achieved by manipulating environment variables that influence the loader.

Recommendations For BlackBerry QNX Software Development Platform (SDP) versions 6.5.0 SP1 and earlier, consider restricting access to environment variables that influence the loader until a fix is available. For version 6.6.0, consider restricting access to environment variables that influence the loader until a fix is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2017-9369

Affected Products

Qnx Sdp

PT-2017-18880 · Blackberry · Qnx Sdp

CVE-2017-9369

Weakness Enumeration

Related Identifiers

Affected Products

References · 4