PT-2020-3870 · Oracle · Oracle Solaris

Published

2020-07-15

Updated

2020-07-17

CVE-2020-14537

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Oracle Solaris version 11

Description: The issue is related to errors in resource release in the Packaging Scripts component of Oracle Solaris. Exploitation of this issue can allow an attacker to cause a denial of service. The vulnerability can be easily exploited by a high-privileged attacker with logon to the infrastructure where Oracle Solaris executes, requiring human interaction from a person other than the attacker. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of Oracle Solaris.

Recommendations: For Oracle Solaris version 11, there is no information about a newer version that contains a fix for this vulnerability.

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-404

Related Identifiers

BDU:2020-04262

CVE-2020-14537

Affected Products

Oracle Solaris

PT-2020-3870 · Oracle · Oracle Solaris

CVE-2020-14537

Weakness Enumeration

Related Identifiers

Affected Products

References · 5