CVE-2023-36480

Aerospike Java Client vulnerable to unsafe deserialization of server responses

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0, some of the messages received from the server contain Java objects that the client deserializes when it encounters them, without further validation. Attackers who manage to trick clients into communicating with a malicious server can include specially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision: Attend
Exploitation
PoC
Automatable
Yes
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2023-06-21 CVE Reserved
  • 2023-08-04 CVE Published
  • 2024-10-17 CVE Updated
  • 2024-11-08 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-502: Deserialization of Untrusted Data
CAPEC
References (13)
Affected Vendors, Products, and Versions
Vendor      Product                 Version             Other   Status
Aerospike   Aerospike Java Client   < 4.5.0             -       Affected
Aerospike   Aerospike Java Client   >= 5.0.0 < 5.2.0    -       Affected
Aerospike   Aerospike Java Client   >= 6.0.0 < 6.2.0    -       Affected