CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-36480 – Aerospike Java Client vulnerable to unsafe deserialization of server responses
https://notcve.org/view.php?id=CVE-2023-36480
The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue. • https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/AsyncRead.java#L68 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L1157 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L489 https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/cl • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 85%CPEs: 6EXPL: 7CVE-2020-13151 – Aerospike Database UDF Lua Code Execution
https://notcve.org/view.php?id=CVE-2020-13151
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service. Aerospike Community Edition versión 4.9.0.5, permite el envío y la ejecución no autenticada de funciones definidas por el usuario (UDF), escritas en Lua, como parte de una consulta de base de datos. Intenta restringir la ejecución del código al deshabilitar las llamadas a la función os.execute(), pero esto es insuficiente. • https://www.exploit-db.com/exploits/49067 https://github.com/b4ny4n/CVE-2020-13151 http://packetstormsecurity.com/files/160106/Aerospike-Database-5.1.0.3-Remote-Command-Execution.html http://packetstormsecurity.com/files/160451/Aerospike-Database-UDF-Lua-Code-Execution.html https://b4ny4n.github.io/network-pentest/2020/08/01/cve-2020-13151-poc-aerospike.html https://www.aerospike.com/docs/operations/configure/security/access-control/index.html#create-users-and-assign-roles https://www.aerospike.com&# • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10558
https://notcve.org/view.php?id=CVE-2016-10558
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server. aerospike es un módulo add-on de Aerospike para Node.js. Las versiones anteriores a la 2.4.2 de aerospike descargan recursos binarios por HTTP, lo que hace que el módulo sea vulnerable a ataques MitM. Podría ser posible provocar la ejecución remota de código (RCE) cambiando el binario solicitado por otro controlado por el atacante si éste está en la red o posicionado entre el usuario y el servidor remoto. • https://nodesecurity.io/advisories/167 • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2016-9051
https://notcve.org/view.php?id=CVE-2016-9051
An exploitable out-of-bounds write vulnerability exists in the batch transaction field parsing functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause an out-of-bounds write resulting in memory corruption which can lead to remote code execution. An attacker can simply connect to the port to trigger this vulnerability. Existe una vulnerabilidad explotable de escritura fuera de límites en la funcionalidad de análisis de campo de transacción por lotes de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar una escritura fuera de límites resultando en corrupción de memoria que puede conducir a la ejecución remota de código. • http://www.securityfocus.com/bid/96374 http://www.talosintelligence.com/reports/TALOS-2016-0265 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9049
https://notcve.org/view.php?id=CVE-2016-9049
An exploitable denial-of-service vulnerability exists in the fabric-worker component of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause the server process to dereference a null pointer. An attacker can simply connect to a TCP port in order to trigger this vulnerability. Existe una vulnerabilidad explotable de denegación de servicio en el componente fabric-worker de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar que el proceso del servidor no haga referencia a un puntero nulo. • http://www.securityfocus.com/bid/96376 http://www.talosintelligence.com/reports/TALOS-2016-0263 • CWE-476: NULL Pointer Dereference •