CVE-2016-9039Uncontrolled Resource Consumption in Smartos

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
5.5MEDIUMNVD
CNA6.2
EPSS
0.1%
top 77.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joyent Smartos
Timeline
PublishedJan 31
Latest updateMay 13

Description

An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploited this will result in memory exhaustion, resulting in a full system denial of service.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5joyent/smartosOS 20161110T013148Z
NVDjoyent/smartos20161110t013148z

🔴Vulnerability Details

2
GHSA
GHSA-h4vg-vpxq-866j: An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system2022-05-13
CVEList
CVE-2016-9039: An exploitable denial of service exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system2017-01-31
CVE-2016-9039 — Uncontrolled Resource Consumption | cvebase