Lucene search

[email protected]NVD:CVE-2016-9039

HistoryJan 31, 2017 - 9:59 p.m.

CVE-2016-9039

2017-01-3121:59:00

CWE-400

[email protected]

web.nvd.nist.gov

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service.

Affected configurations

Nvd

Node

joyentsmartosMatch20161110t013148z

VendorProductVersionCPE
joyentsmartos20161110t013148zcpe:2.3:o:joyent:smartos:20161110t013148z:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
joyent	smartos	20161110t013148z	cpe:2.3:o:joyent:smartos:20161110t013148z:::::::*

References

www.securityfocus.com/bid/95916

www.talosintelligence.com/reports/TALOS-2016-0257/

CVSS2

4.9

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2016-9039

prion1 cve1 talos1 seebug1 cvelist1