Avatar

Vulnerabilities discovered by Talos

Talos is disclosing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from memory disclosure to potential remote code execution. This software is used by various companies that require a high performance NoSQL database. Aerospike fixed these issues in  version 3.11.

The Aerospike Database Server is both a distributed and scalable NoSQL database that is used as a back-end for scalable web applications that need a key-value store. With a focus on performance, it is multi-threaded and retains its indexes entirely in ram with the ability to persist data to a solid-state drive or traditional rotational media. 

TALOS-2016-0264 (CVE-2016-9050) – Aerospike Database Server Client Message Memory Disclosure Vulnerability

TALOS-2016-0266 (CVE-2016-9052) – Aerospike Database Server Index Name Code Execution Vulnerability

TALOS-2016-0268 (CVE-2016-9054) – Aerospike Database Server Set Name Code Execution Vulnerability

<<Read_More>>



Authors

Talos Group

Talos Security Intelligence & Research Group