CVE-2016-9051

Published: 21/02/2017 Updated: 13/12/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability.

Vulnerable Product

Aerospike Database Server 3.10.0.3

Recent Articles

Talos opens box, three Aerospike vulns fly out
The Register • Richard Chirgwin • 22 Feb 2017

NoSQL server, but a big unhappy Yes to the question of security worries

Aerospike NoSQL server DBAs, make sure you've rolled out version 3.11.1.1, because the vulnerabilities it fixes have been made public. Cisco Talos made the three-vuln disclosure after the fix landed, including one denial-of-service and two code execution bugs – all easy to trigger by sending crafted packets. In the DoS bug, designated CVE-2016-9049, the crafted packet makes the server process crash by dereferencing a null pointer. In CVE-2016-9051, a crafted packet sent to a listening port tri...