PT-2016-7629 · Tarantool · Msgpuck+1
Published: 2016-10-16 · Updated: 2022-12-13 · CVE-2016-9036
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Tarantool's Msgpuck library version 1.0.3
Description
The issue is related to an incorrect return value in the mp_check function, which can lead to a denial of service when a specially crafted packet is processed. This occurs because the function fails to correctly check if decoding a map16 packet will exceed the buffer bounds.
Recommendations
For Tarantool's Msgpuck library version 1.0.3, consider applying a patch or fix that corrects the mp_check function to properly handle map16 packet decoding and prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Out of bounds Read
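The kind of bounds check the description refers to, as an added example that is not Msgpuck's code: a validator for a subset of MessagePack that returns 0 only when the buffer holds one complete value, and non-zero when a map16 length field or any declared element would lie past the end of the buffer. The name check_value, the 0/non-zero return convention and the sample bytes are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative validator (not Msgpuck code) for a subset of MessagePack.
 * Returns 0 if [cur, end) starts with one complete value, 1 otherwise. */
int check_value(const uint8_t *cur, const uint8_t *end)
{
    size_t pending = 1;                      /* values still to validate */
    while (pending > 0) {
        if (cur >= end)
            return 1;                        /* a declared value is missing */
        uint8_t tag = *cur++;
        size_t left = (size_t)(end - cur);   /* bytes after the tag */
        pending--;
        if (tag <= 0x7f || tag == 0xc0 || tag == 0xc2 || tag == 0xc3) {
            /* positive fixint, nil, false, true: no payload */
        } else if (tag >= 0x80 && tag <= 0x8f) {
            pending += 2 * (size_t)(tag & 0x0f);      /* fixmap: key+value */
        } else if (tag >= 0xa0 && tag <= 0xbf) {
            size_t len = tag & 0x1f;                  /* fixstr */
            if (left < len)
                return 1;
            cur += len;
        } else if (tag == 0xde) {                     /* map16 */
            /* Compare lengths, not pointers: cur + 2 may not be formed
             * when fewer than 2 bytes remain. Truncation returns non-zero. */
            if (left < 2)
                return 1;
            pending += 2 * (((size_t)cur[0] << 8) | cur[1]);
            cur += 2;
        } else {
            return 1;                        /* outside the subset: reject */
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed samples: complete map16 {"k": 42}, then a cut length field */
    const uint8_t ok[] = {0xde, 0x00, 0x01, 0xa1, 'k', 0x2a};
    const uint8_t cut[] = {0xde, 0x00};
    printf("complete=%d truncated=%d\n",
           check_value(ok, ok + sizeof ok), check_value(cut, cut + sizeof cut));
    return 0;
}
```

A caller that treats the return value as the decision to decode should test it against 0 explicitly, so that a failure path cannot be read as success.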
Weakness Enumeration
Related Identifiers
Affected Products
Msgpuck
Tarantool