Vulnerability-Lookup

CNVD-2026-18577

Vulnerability from cnvd - Published: 2026-04-24

Title

Oracle Solaris内核拒绝服务漏洞

Description

Oracle Solaris是一款由Oracle公司开发的类Unix操作系统，主要用于服务器和企业级计算环境。 Oracle Solaris存在拒绝服务漏洞。该漏洞源于内核组件未能正确处理特定条件，攻击者可利用该漏洞通过本地低权限登录导致系统挂起或崩溃。

Severity

中

Patch Name

Oracle Solaris内核拒绝服务漏洞的补丁

Patch Description

Oracle Solaris是一款由Oracle公司开发的类Unix操作系统，主要用于服务器和企业级计算环境。 Oracle Solaris存在拒绝服务漏洞。该漏洞源于内核组件未能正确处理特定条件，攻击者可利用该漏洞通过本地低权限登录导致系统挂起或崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://www.oracle.com/security-alerts/cpuapr2026.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-34281

Impacted products

Name
Oracle Oracle Solaris 11.4

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-34281",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-34281"
    }
  },
  "description": "Oracle Solaris\u662f\u4e00\u6b3e\u7531Oracle\u516c\u53f8\u5f00\u53d1\u7684\u7c7bUnix\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e3b\u8981\u7528\u4e8e\u670d\u52a1\u5668\u548c\u4f01\u4e1a\u7ea7\u8ba1\u7b97\u73af\u5883\u3002\n\nOracle Solaris\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u6838\u7ec4\u4ef6\u672a\u80fd\u6b63\u786e\u5904\u7406\u7279\u5b9a\u6761\u4ef6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672c\u5730\u4f4e\u6743\u9650\u767b\u5f55\u5bfc\u81f4\u7cfb\u7edf\u6302\u8d77\u6216\u5d29\u6e83\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.oracle.com/security-alerts/cpuapr2026.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-18577",
  "openTime": "2026-04-24",
  "patchDescription": "Oracle Solaris\u662f\u4e00\u6b3e\u7531Oracle\u516c\u53f8\u5f00\u53d1\u7684\u7c7bUnix\u64cd\u4f5c\u7cfb\u7edf\uff0c\u4e3b\u8981\u7528\u4e8e\u670d\u52a1\u5668\u548c\u4f01\u4e1a\u7ea7\u8ba1\u7b97\u73af\u5883\u3002\r\n\r\nOracle Solaris\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5185\u6838\u7ec4\u4ef6\u672a\u80fd\u6b63\u786e\u5904\u7406\u7279\u5b9a\u6761\u4ef6\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u672c\u5730\u4f4e\u6743\u9650\u767b\u5f55\u5bfc\u81f4\u7cfb\u7edf\u6302\u8d77\u6216\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Oracle Solaris\u5185\u6838\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Oracle Oracle Solaris 11.4"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-34281",
  "serverity": "\u4e2d",
  "submitTime": "2026-04-22",
  "title": "Oracle Solaris\u5185\u6838\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

CVE-2026-34281 (GCVE-0-2026-34281)

Vulnerability from cvelistv5 – Published: 2026-04-21 20:35 – Updated: 2026-04-22 14:46

Summary

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris.

Assigner

oracle

References

1 reference

URL	Tags
https://www.oracle.com/security-alerts/cpuapr2026.html	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Oracle Corporation	Oracle Solaris	Affected: 11.4 (semver)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-34281",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-22T14:46:11.017098Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-400",
                "description": "CWE-400 Uncontrolled Resource Consumption",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-22T14:46:26.265Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Oracle Solaris",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "11.4",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:oracle:solaris:11.4:*:*:*:*:*:*:*",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en-US",
          "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).   The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.  While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts).  CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris.  While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change).  Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris.",
              "lang": "en-US"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-21T20:35:20.900Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "Oracle Advisory",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2026.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2026-34281",
    "datePublished": "2026-04-21T20:35:20.900Z",
    "dateReserved": "2026-03-26T19:48:45.675Z",
    "dateUpdated": "2026-04-22T14:46:26.265Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-18577

CVE-2026-34281 (GCVE-0-2026-34281)

Tags

Sightings

Nomenclature