CVE-2017-3893 LOW

CVE-2017-3893: Incomplete vulnerability mitigations

Vendor Blackberry
Product QNX Software Development Platform (QNX SDP)
Weakness CWE-693
Published November 14, 2017
Last update July 22, 2025
View on NVD All CVEs

CVSS base score

1.9/10
Attack vector Local
Attack complexity High
Privileges required High
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the default configuration of the QNX SDP system did not in all circumstances prevent attackers from modifying the GOT or PLT tables with buffer overflow attacks.

Key dates

02Disclosure timeline

November 14, 2017 CVE published
July 22, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2019-1970 Cisco Firepower Threat Defense Software File Policy Bypass Vulnerability CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability CVE-2026-20824 Windows Remote Assistance Security Feature Bypass Vulnerability CVE-2025-10905 Collision in minifilter driver of Avast Free Antivirus results in disabling of real-time protection CVE-2026-27893 vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out