Description
In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 SP1 and earlier, an information disclosure vulnerability in the default configuration of the QNX SDP could allow an attacker to gain information relating to memory layout of higher privileged processes by manipulating environment variables that influence the loader.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None
Affected products
- BlackBerry / QNX Software Development Platform (SDP)6.6.0 – 6.6.0
- BlackBerry / QNX Software Development Platform (SDP)6.5.0 SP1 and earlier – 6.5.0 SP1 and earlier