CVE-2016-8944 — Improper Input Validation in Corporation AIX

CWE-20 — Improper Input Validation3 documents3 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 84.18%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

IBM Corporation AIX IBM AIX

Timeline

PublishedFeb 15

Latest updateMay 17

Description

IBM AIX 7.1 and 7.2 allows a local user to open a file with a specially crafted argument that would crash the system. IBM APARs: IV91488, IV91487, IV91456, IV90234.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDibm/aix7.1, 7.2+1

▶CVEListV5ibm_corporation/aix1, 7, 7.2+2

Patches

Patch: aix.software.ibm.com ↗Patch: aix.software.ibm.com ↗

🔴Vulnerability Details

GHSA

GHSA-95hg-87x2-92p2: IBM AIX 7↗2022-05-17

▶

CVEList

CVE-2016-8944: IBM AIX 7↗2017-02-15

▶