CVE-2016-9037

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2016-9037
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9037.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-9037
Downstream
Published
2016-12-23T22:59:00.377Z
Modified
2026-04-10T03:55:16.950074Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An exploitable out-of-bounds array access vulnerability exists in the xrowheaderdecode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server.

References

Affected packages

Git / github.com/tarantool/tarantool

Affected ranges

Type
GIT
Repo
https://github.com/tarantool/tarantool
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8e9271582c802e583aa8be708cf6ebfdcb5b5eca
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.7.2"
        }
    ]
}

Affected versions

1.*
1.4.9
1.5.0
1.5.1
1.6.0
1.6.1
1.6.4
1.6.5
1.6.8
1.7.0
1.7.1
1.7.2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-9037.json"