CVE-2016-9040Uncontrolled Resource Consumption in Smartos

CWE-400Uncontrolled Resource Consumption3 documents3 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 81.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Joyent Smartos
Timeline
PublishedSep 7
Latest updateMay 13

Description

An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

CVEListV5joyent/smartos20161110T013148Z
NVDjoyent/smartos20161110t013148z

🔴Vulnerability Details

2
GHSA
GHSA-9x7x-fv7w-r8pq: An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system2022-05-13
CVEList
CVE-2016-9040: An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system2018-09-07
CVE-2016-9040 — Uncontrolled Resource Consumption | cvebase