CVE-2016-9049

🗓️ 21 Feb 2017 22:00:00Reported by talosType

cve🔗 web.nvd.nist.gov👁 48 Views🌐 WEB

An exploitable denial-of-service vulnerability in Aerospike Database Server 3.10.0.3

Reporter	Title	Published	Views	Family All 9
CNVD	Aerospike Database Server Multiple Null Pointer References Denial of Service Vulnerability	24 Feb 201700:00	–	cnvd
Cvelist	CVE-2016-9049	21 Feb 201722:00	–	cvelist
EUVD	EUVD-2016-9870	7 Oct 202500:30	–	euvd
NVD	CVE-2016-9049	21 Feb 201722:59	–	nvd
OpenVAS	Aerospike Database Server <= 3.10.0.3 Multiple Vulnerabilities	27 Jan 201700:00	–	openvas
Prion	Null pointer dereference	21 Feb 201722:59	–	prion
Positive Technologies	PT-2017-9933 · Aerospike · Aerospike Database Server	21 Feb 201700:00	–	ptsecurity
seebug.org	Aerospike Database Server Fabric-Worker Socket-Loop Denial-of-Service Vulnerability(CVE-2016-9049)	22 Sep 201700:00	–	seebug
Talos	Aerospike Database Server Fabric-Worker Socket-Loop Denial-of-Service Vulnerability	21 Feb 201700:00	–	talos

NVD

Vulners

Node

aerospike database_serverMatch3.10.0.3

[
  {
    "product": "Database Server",
    "vendor": "Aerospike",
    "versions": [
      {
        "status": "affected",
        "version": "3.10.0.3"
      }
    ]
  }
]

Source	Link
talosintelligence	www.talosintelligence.com/reports/TALOS-2016-0263/
securityfocus	www.securityfocus.com/bid/96376

Parameter	Position	Path	Description	CWE
size	binary	fabric-port/3001	NULL pointer dereference in fabric_buffer_process_readable when a crafted TCP packet with oversized msg size causes allocation failure and subsequent memcpy using NULL pointer.	CWE-476
type	binary	fabric-port/3001	NULL pointer dereference in fabric_buffer_process_readable when a crafted TCP packet with oversized msg size causes allocation failure and subsequent memcpy using NULL pointer.	CWE-476

13 May 2026 00:24Current

7.5High risk

Vulners AI Score7.5

CVSS 25

CVSS 3.17.5

CVSS 37.5

EPSS0.01399

CWE-476