Lucene search

TalosCVELIST:CVE-2016-9040

HistorySep 07, 2018 - 12:00 p.m.

CVE-2016-9040

2018-09-0712:00:00

talos

www.cve.org

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.

CNA Affected

[
  {
    "product": "SmartOS",
    "vendor": "Joyent",
    "versions": [
      {
        "status": "affected",
        "version": "20161110T013148Z"
      }
    ]
  }
]

References

www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2016-9040