CVE-2016-9035
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
An exploitable buffer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when dealing with native file systems. An attacker can craft an input that can cause a buffer overflow in the path variable leading to an out of bounds memory access and could result in potential privilege escalation. This vulnerability is distinct from CVE-2016-9033.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2016-10-26 CVE Reserved
- 2016-12-14 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CAPEC
References (2)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/94926 | Broken Link |
URL | Date | SRC |
---|---|---|
http://www.talosintelligence.com/reports/TALOS-2016-0253 | 2024-08-06 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Joyent | Smartos | 20161110t013148z | - | Affected |