Published: 21/02/2017 Updated: 13/12/2022

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
aerospike database server 3.10.0.3

Talos opens box, three Aerospike vulns fly out

The Register • Richard Chirgwin • 22 Feb 2017

NoSQL server, but a big unhappy Yes to the question of security worries

Aerospike NoSQL server DBAs, make sure you've rolled out version 3.11.1.1, because the vulnerabilities it fixes have been made public. Cisco Talos made the three-vuln disclosure after the fix landed, including one denial-of-service and two code execution bugs – all easy to trigger by sending crafted packets. In the DoS bug, designated CVE-2016-9049, the crafted packet makes the server process crash by dereferencing a null pointer. In CVE-2016-9051, a crafted packet sent to a listening port tri...

CVE-2016-9049

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect