CVE-2016-9031Integer Overflow or Wraparound in Smartos

CWE-190Integer Overflow or Wraparound3 documents3 sources
Severity
7.8HIGHNVD
CNA8.8
EPSS
0.1%
top 66.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joyent Smartos
Timeline
PublishedDec 14
Latest updateMay 13

Description

An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-8733.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 1.1 | Impact: 6.0

Affected Packages2 packages

CVEListV5joyent/smartosOS 20161110T013148Z
NVDjoyent/smartos20161110t013148z

🔴Vulnerability Details

2
GHSA
GHSA-9vxv-mj8f-wqwx: An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system2022-05-13
CVEList
CVE-2016-9031: An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system2016-12-14
CVE-2016-9031 — Integer Overflow or Wraparound | cvebase