PYSEC-2016-39

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/tarantool/PYSEC-2016-39.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2016-39

Withdrawn

2024-11-22T04:37:05Z

Published

2016-12-23T22:59:00Z

Modified

2024-11-21T14:23:01.531112Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An exploitable out-of-bounds array access vulnerability exists in the xrowheaderdecode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server.

References

Affected packages

PyPI / tarantool

Package

Name: tarantool; View open source insights on deps.dev
Purl: pkg:pypi/tarantool

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.3.0

0.3.2

0.3.3

0.3.4

0.3.5

0.3.6

0.5.0

0.5.1

0.5.2

0.5.3

0.5.4

0.5.5

0.6.1

0.6.2

0.6.3

0.6.4

0.6.5

0.6.6

0.7.0

0.7.1

0.8.0

0.9.0

0.10.0

0.11.0

0.12.0

0.12.1

1.*

1.0.0

1.1.0

1.1.1

1.1.2

1.2.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/tarantool/PYSEC-2016-39.yaml"