CVE-2016-9037

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-9037

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9037.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-9037

Downstream

UBUNTU-CVE-2016-9037

Published

2016-12-23T22:59:00Z

Modified

2025-08-26T06:19:09.783776Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An exploitable out-of-bounds array access vulnerability exists in the xrowheaderdecode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server.

References

Affected packages

Debian:11 / tarantool

Package

Name: tarantool
Purl: pkg:deb/debian/tarantool?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.2.385.g952d79e-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / tarantool

Package

Name: tarantool
Purl: pkg:deb/debian/tarantool?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.2.385.g952d79e-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / tarantool

Package

Name: tarantool
Purl: pkg:deb/debian/tarantool?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.2.385.g952d79e-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / tarantool

Package

Name: tarantool
Purl: pkg:deb/debian/tarantool?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.7.2.385.g952d79e-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/tarantool/tarantool

Affected ranges

Type: GIT
Repo: https://github.com/tarantool/tarantool
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

8e9271582c802e583aa8be708cf6ebfdcb5b5eca

Affected versions

1.*

1.4.9

1.5.0

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.6.0

1.6.1

1.6.2

1.6.3

1.6.4

1.6.5

1.6.6

1.6.7

1.6.8

1.6.8.525

1.6.9

1.7.0

1.7.1

1.7.2