Denial of Service Vulnerability in Joyent SmartOS Hyprlofs File System

Denial of Service Vulnerability in Joyent SmartOS Hyprlofs File System

CVE-2016-9040 · MEDIUM Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

An exploitable denial of service exists in the the Joyent SmartOS OS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFSADDENTRIES when used with a 32 bit model. An attacker can cause a buffer to be allocated and never freed. When repeatedly exploit this will result in memory exhaustion, resulting in a full system denial of service.

Learn more about our Web Application Penetration Testing UK.