CVE-2016-8733
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a kernel panic and potentially be leveraged into a full privilege escalation vulnerability. This vulnerability is distinct from CVE-2016-9031.
Existe un desbordamiento de entero explotable en el sistema de archivo Joyent SmartOS 20161110T013148Z Hyprlofs. La vulnerabilidad está presente en el sistema de llamada loctl con el comando HYPRLOFS_ADD_ENTRIES cuando trabaja con sistemas de archivo nativos. Un atacante puede manipular una entrada que puede causar pánico de kernel y potencialmente ser aprovechada para una vulnerabilidad de escalada de privilegios completa. Esta vulnerabilidad es distinta de CVE-2016-9031.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-17 CVE Reserved
- 2016-12-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-190: Integer Overflow or Wraparound
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/94920 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| http://www.talosintelligence.com/reports/TALOS-2016-0248 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Joyent Search vendor "Joyent" | Smartos Search vendor "Joyent" for product "Smartos" | <= 20161110t013148z Search vendor "Joyent" for product "Smartos" and version " <= 20161110t013148z" | - |
Affected
| ||||||