CVE-2016-9040

CVSS 6.2 MEDIUMEPSS 0.5%

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 6.2EPSS 0.5%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

07 Sep 2018Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Joyent · SmartOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0258