Skip to main content

Gravity CVE-2017-1000173

CRITICAL
Out-of-bounds Read (CWE-125)
2017-11-17 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 17, 2017 - 03:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow.

AnalysisAI

Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. By creating a large loop whiling pushing data to a buffer, we can break out of the bounds checking of that buffer. When list.join is called on the data it will read past a buffer resulting in a Heap-Buffer-Overflow. Affected products include: Creolabs Gravity.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

CVE-2017-1000073 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an undisclosed component that can result in arbitrary c

CVE-2017-1000172 CRITICAL POC
9.8 Nov 17

Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. Rated critical severity (CVSS 9.8), this vulnerabi

CVE-2017-1000075 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the memcmp function. Rated critical severity (CVSS 9.8

CVE-2017-1000074 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the string_repeat() function. Rated critical severity

CVE-2017-1000072 CRITICAL POC
9.8 Jul 17

Creolabs Gravity version 1.0 is vulnerable to a Double Free in gravity_value resulting potentially leading to modificati

CVE-2021-32284 HIGH POC
7.8 Sep 20

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio

CVE-2021-32281 HIGH POC
7.8 Sep 20

An issue was discovered in gravity through 0.8.1. Rated high severity (CVSS 7.8), this vulnerability is no authenticatio

CVE-2018-13795 HIGH POC
7.5 Jul 09

Gravity before 0.5.1 does not support a maximum recursion depth. Rated high severity (CVSS 7.5), this vulnerability is r

CVE-2021-32285 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2021-32283 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2021-32282 MEDIUM POC
5.5 Sep 20

An issue was discovered in gravity through 0.8.1. Rated medium severity (CVSS 5.5), this vulnerability is no authenticat

CVE-2026-40504 CRITICAL
9.3 Apr 16

Heap buffer overflow in Creolabs Gravity scripting language before 0.9.6 enables remote code execution when applications

Share

CVE-2017-1000173 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy