CVE-2016-9034Improper Restriction of Operations within the Bounds of a Memory Buffer in Smartos

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-120Classic Buffer Overflow3 documents3 sources
Severity
7.0HIGHNVD
EPSS
0.1%
top 80.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joyent Smartos
Timeline
PublishedDec 14
Latest updateMay 13

Description

An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with 32-bit file systems. An attacker can craft an input that can cause a buffer overflow in the nm variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9032.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

NVDjoyent/smartos20161110t013148z
CVEListV5joyent/smartosOS 20161110T013148Z

🔴Vulnerability Details

2
GHSA
GHSA-w6pc-m3rh-gpq7: An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system2022-05-13
CVEList
CVE-2016-9034: An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system2016-12-14
CVE-2016-9034 — Joyent Smartos vulnerability | cvebase