CVE-2016-9052
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3. A specially crafted packet can cause a stack-based buffer overflow in the function as_sindex__simatch_by_iname resulting in remote code execution. An attacker can simply connect to the port to trigger this vulnerability.
Una vulnerabilidad explotable de desbordamiento de búfer basado en pila existe en la funcionalidad de consulta de Aerospike Database Server 3.10.0.3. Un paquete especialmente manipulado puede provocar un desbordamiento de búfer basado en pila en la función as_sindex__simatch_by_iname resultando en ejecución remota de código. Un atacante puede simplemente conectarse al puerto y enviar el paquete para desencadenar esta vulnerabilidad.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-10-26 CVE Reserved
- 2017-01-26 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-09-13 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/95419 | Broken Link |
| URL | Date | SRC |
|---|---|---|
| http://www.talosintelligence.com/reports/TALOS-2016-0266 | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Aerospike Search vendor "Aerospike" | Database Server Search vendor "Aerospike" for product "Database Server" | 3.10.0.3 Search vendor "Aerospike" for product "Database Server" and version "3.10.0.3" | - |
Affected
| ||||||