CVE-2019-19396Improper Input Validation in Omnios

CWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.6%
top 31.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Omniosce Omnios
Timeline
PublishedNov 29
Latest updateMay 24

Description

illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurrently over a single socket, because uts/common/inet/ip/ip_attr.c mishandles conn_ixa dereferences.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

NVDomniosce/omnios< r151030

🔴Vulnerability Details

2
GHSA
GHSA-qqw6-6jqg-6w44: illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurren2022-05-24
CVEList
CVE-2019-19396: illumos, as used in OmniOS Community Edition before r151030y, allows a kernel crash via an application with multiple threads calling sendmsg concurren2019-11-29
CVE-2019-19396 — Improper Input Validation in Omnios | cvebase