Vulnerabilities > CVE-2014-9491 - Unspecified vulnerability in Illumos

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

illumos

NVD

Published: 2015-01-20

Updated: 2017-09-08

Summary

The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors. <a href="http://cwe.mitre.org/data/definitions/476.html">CWE-476: NULL Pointer Dereference</a>

Vulnerable Configurations

Part	Description	Count
Application	Illumos Illumos Illumos *	1

References

http://seclists.org/oss-sec/2015/q1/27
https://exchange.xforce.ibmcloud.com/vulnerabilities/99686
https://github.com/illumos/illumos-gate/commit/d65686849024838243515b5c40ae2c479460b4b5
https://www.illumos.org/issues/5421