Aerospike Database Server 220.127.116.11 Denial Of Service Vulnerability
24 Jul. 2017
An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 18.104.22.168. A specially crafted packet can cause an out-of-bounds read resulting in disclosure of memory within the process, the same vulnerability can also be used to trigger a denial of service. An attacker can simply connect to the port and send the packet to trigger this vulnerability.
* Aerospike Database Server 22.214.171.124
Aerospike Database Server is both a distributed and scalable NoSQL database that is used as a back-end for scalable web applications that need a key-value store. With a focus on performance, it is multi-threaded and retains its indexes entirely in ram with the ability to persist data to a solid-state drive or traditional rotational media.
In order to receive a packet from the client, the server spawns threads which execute the thr_demarshal function. At the beginning of this function, the server will receive data from the socket and then validate the protocol type. If the protocol type specifies that the packet is compressed (PROTOTYPEASMSGCOMPRESSED), it will decompress it with zlib and then continue to process the packet . Later, when the protocol type is PROTOTYPEAS_MSG the server will pass the packet to the thr_tsvc_process_or_enqueue function .