Talos opens box, three Aerospike vulns fly out

Aerospike NoSQL server DBAs, make sure you've rolled out version 3.11.1.1, because the vulnerabilities it fixes have been made public.

Cisco Talos made the three-vuln disclosure after the fix landed, including one denial-of-service and two code execution bugs – all easy to trigger by sending crafted packets.

In the DoS bug, designated CVE-2016-9049, the crafted packet makes the server process crash by dereferencing a null pointer.

In CVE-2016-9051, a crafted packet sent to a listening port triggers “an out-of-bounds write which causes memory corruption that can lead to remote code execution”.

The same approach applies to CVE-2016-9053, because of an “out-of-bounds indexing vulnerability in the RW fabric message particle type of the Aerospike Database Server”. The crafted packet makes the server fetch a function table outside the bounds of an array.

Aerospike released the updated version on February 15. ®