CVE Vulnerabilities

CVE-2017-0016

NULL Pointer Dereference

Published: Mar 17, 2017 | Modified: Jul 25, 2017
CVSS 3.x
5.9
MEDIUM
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
7.1 HIGH
AV:N/AC:M/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu

Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT 8.1; Windows Server 2012 R2, and Windows Server 2016 do not properly handle certain requests in SMBv2 and SMBv3 packets, which allows remote attackers to execute arbitrary code via a crafted SMBv2 or SMBv3 packet to the Server service, aka SMBv2/SMBv3 Null Dereference Denial of Service Vulnerability.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Windows_rt_8.1 Microsoft * *
Windows_server_2012 Microsoft r2 r2
Windows_server_2016 Microsoft * *
Windows_10 Microsoft 1511 1511
Windows_10 Microsoft 1607 1607
Windows_8.1 Microsoft * *
Windows_10 Microsoft - -

Potential Mitigations

References