CVE-2016-9037

Name of the Vulnerable Software and Affected Versions Tarantool version 1.7.2.0-g8e92715

Description The issue is related to an out-of-bounds array access in the xrow header decode function. A specially crafted packet can cause the function to access an element outside the bounds of a global array, leading to an out of bounds read within the context of the server. This can result in a denial of service.

Recommendations For Tarantool version 1.7.2.0-g8e92715, consider restricting access to the xrow header decode function until a patch is available. As a temporary workaround, avoid processing specially crafted packets that may trigger the out-of-bounds array access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.