CVE-2016-9053

Published: Feb 21, 2017Modified: May 13, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An exploitable out-of-bounds indexing vulnerability exists within the RW fabric message particle type of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server to fetch a function table outside the bounds of an array resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.

Affected (1)

Products: Aerospike: Database Server

1 product

Database Server

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Aerospike Database Server	Version 3.10.0.3

Related CWEs

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (4)

http://www.securityfocus.com/bid/96372

Source: talos-cna@cisco.com

Broken LinkThird Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0267/

Source: talos-cna@cisco.com

ExploitPatchTechnical DescriptionThird Party AdvisoryVDB Entry

http://www.securityfocus.com/bid/96372

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.talosintelligence.com/reports/TALOS-2016-0267/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchTechnical DescriptionThird Party AdvisoryVDB Entry

Timeline

No history available yet.