Skip to main content

Gravity CVE-2017-1000074

CRITICAL
Buffer Overflow (CWE-119)
2017-07-17 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 17, 2017 - 13:18 cve.org
CRITICAL 9.8

DescriptionCVE.org

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function.

AnalysisAI

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Affected products include: Creolabs Gravity. Version information: version 1.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2017-1000073 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary c

CVE-2017-1000172 CRITICAL POC
9.8 Nov 17

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2017-1000173 CRITICAL POC
9.8 Nov 17

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2017-1000075 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8

CVE-2017-1000072 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modificati

CVE-2021-32284 HIGH POC
7.8 Sep 20

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio

CVE-2021-32281 HIGH POC
7.8 Sep 20

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio

CVE-2018-13795 HIGH POC
7.5 Jul 09

Gravity before 0.5.1 does not support a maximum recursion depth. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2021-32285 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2021-32283 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2021-32282 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2026-40504 CRITICAL
9.3 Apr 16

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications

Share

CVE-2017-1000074 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy