CVE-2014-9491
CVE-2014-9491 is a medium-severity vulnerability in Illumos with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 3% (84th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Illumos
- Published:
- Last modified:
Description
The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors.
Frequently asked questions
- What is CVE-2014-9491?
- The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors.
- How severe is CVE-2014-9491?
- CVE-2014-9491 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2014-9491 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 3% (84th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2014-9491?
- CVE-2014-9491 affects Illumos. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2014-9491?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2014-9491 published?
- CVE-2014-9491 was published on 2015-01-20 and last updated on 2026-06-17.
References
- http://seclists.org/oss-sec/2015/q1/27
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99686
- https://github.com/illumos/illumos-gate/commit/d65686849024838243515b5c40ae2c479460b4b5
- https://www.illumos.org/issues/5421
Affected products (1)
- cpe:2.3:a:illumos:illumos:*:*:*:*:*:*:*:*
More vulnerabilities in Illumos
- CVE-2020-27678 — Critical (CVSS 9.8): An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and…
- CVE-2016-6560 — High (CVSS 8.6): illumos osnet-incorporation bcopy() and bzero() implementations make signed instead of unsigned comparisons allowing a…
- CVE-2019-9579 — High (CVSS 8.1): An issue was discovered in Illumos in Nexenta NexentaStor 4.0.5 and 5.1.2, and other products. The SMB server allows an…
- CVE-2016-6561 — High (CVSS 7.5): illumos smbsrv NULL pointer dereference allows system crash.
- CVE-2012-0217 — High (CVSS 7.2): The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and…
- CVE-2021-43395 — Medium (CVSS 5.5): An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038,…