Lucene search
K
AerospikeDatabase Server

6 matches found

CVE
CVE
added 2017/01/26 9:0 p.m.67 views

CVE-2016-9050

CVE-2016-9050 affects Aerospike Database Server 3.10.0.3 and is an exploitable out-of-bounds read in the client message-parsing path. The vulnerability arises in the in-memory transaction handling where the server can read beyond a field due to not validating the minimum size of the DIGEST_RIPE f...

8.2CVSS7.8AI score0.02889EPSS
CVE
CVE
added 2017/01/26 9:0 p.m.65 views

CVE-2016-9054

CVE-2016-9054 describes a stack-based buffer overflow in Aerospike Database Server 3.10.0.3, exposed via the querying pathway. The vulnerability occurs in the function as_sindex__simatch_list_by_set_binid when processing a crafted packet that overflows an internal key buffer (setname_binid_typeid...

9.8CVSS9.8AI score0.077EPSS
CVE
CVE
added 2017/01/26 9:0 p.m.64 views

CVE-2016-9052

CVE-2016-9052 is an exploitable stack-based buffer overflow in Aerospike Database Server 3.10.0.3, triggered during a crafted index query. The vulnerability occurs in as_sindex__simatch_by_iname, which copies an index name into a fixed-size stack buffer (iname[AS_ID_INAME_SZ] = 256) using a lengt...

9.8CVSS9.8AI score0.077EPSS
CVE
CVE
added 2017/02/21 10:0 p.m.60 views

CVE-2016-9051

CVE-2016-9051 describes an exploitable out-of-bounds write in Aerospike Database Server 3.10.0.3 during batch transaction field parsing. The bug arises in as_batch_queue_task/as_msg_field handling: a missing bounds check when reading fields (field_sz) and subsequent field traversal can advance be...

9.8CVSS9.9AI score0.06862EPSS
CVE
CVE
added 2017/02/21 10:0 p.m.57 views

CVE-2016-9053

CVE-2016-9053 affects Aerospike Database Server 3.10.0.3 via the RW fabric message particle type. A crafted fabric packet can trigger out-of-bounds indexing when decoding particle types: the server reads a type byte, uses it to index particle_vtable, and calls size_from_wire_fn, leading to remote...

9.8CVSS9.6AI score0.07249EPSS
CVE
CVE
added 2017/02/21 10:0 p.m.56 views

CVE-2016-9049

CVE-2016-9049 : A denial-of-service in Aerospike Database Server’s fabric-worker (3.10.0.3) can be triggered by a crafted packet over TCP. The exploit writes to a NULL pointer due to a vulnerable allocation path when handling large message sizes, leading to a crash. A PoC exists and targets port ...

7.5CVSS7.5AI score0.0292EPSS
Web