
Memory disclosure and two remote code execution flaws in Aerospike Database Server


Cisco Talos researchers disclosed multiple vulnerabilities in the Aerospike Database Server, including ones that could allow memory disclosure and remote code execution.

The flaws were tested in Aerospike Database Server 3.10.0.3. The memory disclosure vulnerability is an out-of-bounds read in the client message-parsing functionality of the server, according to a Jan. 12 blog post. The flaw can also be used to trigger a denial of service (DoS) attack.

Researchers spotted two code execution vulnerabilities, one of which is an exploitable stack-based buffer overflow in the querying functionality of the Aerospike Database Server that can be triggered by an attacker connecting to the listening port.

The second remote code execution flaw impacts the querying functionality of the server and can also be exploited by an attacker connecting to the listening port.
