Cisco Blogs
Share

Vulnerability Spoltlight: Multiple Vulnerabilities in the Aerospike NoSQL Database Server

- February 21, 2017 - 0 Comments

Vulnerabilities discovered by Talos

Talos is releasing multiple vulnerabilities discovered in the Aerospike Database Server. These vulnerabilities range from Denial of Service to potential remote code execution. This software is used by various companies that require a high performance NoSQL database. These issues have been addressed in version 3.11.1.1 of the Aerospike Database software. 

The Aerospike Database Server is both a distributed and scalable NoSQL database that is used as a back-end for scalable web applications that need a key-value store. With a focus on performance, it is multi-threaded and retains its indexes entirely in ram with the ability to persist data to a solid-state drive or traditional rotational media. 

TALOS-2016-0263 (CVE-2016-9049) – Aerospike Database Server  Fabric_Worker Socket-Loop Denial-of-Service Vulnerability

TALOS-2016-0265 (CVE-2016-9051) – Aerospike Database Server Client Batch Request Code Execution Vulnerability

TALOS-2016-0267 (CVE-2016-9053) – Aerospike Database Server RW Fabric Message Particle Type Code Execution Vulnerability

Read More >>

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share