CVE-2016-9040

Published: Sep 7, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.

Affected (1)

Products: Joyent: Smartos

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Joyent Smartos	Version 20161110t013148z

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258

Source: talos-cna@cisco.com

ExploitTechnical DescriptionThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitTechnical DescriptionThird Party Advisory

Timeline

No history available yet.