CVE-2018-1165

HIGH Year: 2018
CVSS v3 Score
7.0
High
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-122
View all →

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the SMB_IOC_SVCENUM IOCTL. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-4983.

Related Vulnerabilities

CVE-2022-24052

HIGH
CVSS:7.0(High)

MariaDB CONNECT Storage Engine Heap-based Buffer Overflow Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of MariaDB. Aut...

CWE-1222022

CVE-2023-21733

HIGH
CVSS:7.0(High)

Windows Bind Filter Driver Elevation of Privilege Vulnerability

CWE-1222023

CVE-2023-28218

HIGH
CVSS:7.0(High)

Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

CWE-1222023

CVE-2023-4504

HIGH
CVSS:7.0(High)

Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue...

CWE-1222023

CVE-2024-43522

HIGH
CVSS:7.0(High)

Windows Local Security Authority (LSA) Elevation of Privilege Vulnerability

CWE-1222024

CVE-2024-51480

HIGH
CVSS:7.0(High)

RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially cr...

CWE-1222024