PT-2016-7905 — Tarantool Tarantool

PT-2016-7905 · Tarantool · Tarantool

Published

2016-12-23

Updated

2016-12-23

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Tarantool version 1.7.2.0-g8e92715

Description The issue is related to an out-of-bounds array access in the xrow header decode function. A specially crafted packet can cause the function to access an element outside the bounds of a global array, leading to an out of bounds read within the context of the server. This can result in a denial of service.

Recommendations For Tarantool version 1.7.2.0-g8e92715, as a temporary workaround, consider restricting access to the xrow header decode function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

PYSEC-2016-39

Affected Products

Tarantool