CVE-2016-9037
CVE-2016-9037 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. EPSS estimates a 3.67% chance of exploitation in the next 30 days.
Description
An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out-of-bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service on the server.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Tarantool | Tarantool | 1.7.2 |
References
- http://www.securityfocus.com/bid/95063 (Broken Link, Third Party Advisory, VDB Entry)
- http://www.talosintelligence.com/reports/TALOS-2016-0255/ (Exploit, Technical Description, Third Party Advisory)
Source: NVD / NIST
