CVE-2016-9037 HIGH

CVE-2016-9037

Vendor Tarantool
Product Tarantool
Weakness CWE-125
Published December 23, 2016
Last update August 6, 2024

CVSS base score

7.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01Description

An exploitable out-of-bounds array access vulnerability exists in the xrow_header_decode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server.

Key dates

02Disclosure timeline

December 23, 2016 CVE published
August 6, 2024 Record updated

Related vulnerabilities

04Related CVE