UBUNTU-CVE-2016-9037

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2016-9037
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-9037.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-9037
Upstream
Published
2016-12-23T22:59:00Z
Modified
2025-07-16T07:18:01.657765Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

An exploitable out-of-bounds array access vulnerability exists in the xrowheaderdecode function of Tarantool 1.7.2.0-g8e92715. A specially crafted packet can cause the function to access an element outside the bounds of a global array that is used to determine the type of the specified key's value. This can lead to an out of bounds read within the context of the server. An attacker who exploits this vulnerability can cause a denial of service vulnerability on the server.

References

Affected packages

Ubuntu:Pro:16.04:LTS / tarantool

Package

Name
tarantool
Purl
pkg:deb/ubuntu/tarantool@1.6.7.588.g76bbd9c-1build1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.6.3.539.g211672f-1
1.6.7.588.g76bbd9c-1
1.6.7.588.g76bbd9c-1build1