CVE-2002-1586 — Solaris vulnerability

3 documents3 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 75.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SUN Solaris SUN Sunos

Timeline

PublishedDec 3

Latest updateApr 30

Description

Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDsun/solaris5 versions+4

▶NVDsun/sunos5.5.1, 5.7, 5.8+2

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-j4pf-w53q-qqxx: Solaris 2↗2022-04-30

▶

CVEList

CVE-2002-1586: Solaris 2↗2005-02-08

▶