Cisco Talos researchers disclosed multiple vulnerabilities in the Aerospike Database Server including ones that could allow memory disclosure and remote code execution.
The flaws were tested in Aerospike Database Server18.104.22.168 and the memory disclosure vulnerability involves an out out-of-bounds read vulnerability that exists in the client message-parsing functionality of the server, according to a Jan. 12 blog post. The flaw can also be used to trigger a denial of service (DoS) attack.
Researchers spotted two code execution vulnerabilities one of is a re which is an exploitable stack-based buffer overflow vulnerability in the querying functionality of the Aerospike Database server which can be triggered by an attacker connecting to the listening port.
The second remote code execution flaw impacts the querying functionality of the server and can also be exploited by an attacker connecting to the listening port.