I suppose that's one way to get publicity for a product only five people have heard of.
Talos opens box, three Aerospike vulns fly out
Aerospike NoSQL server DBAs, make sure you've rolled out version 3.11.1.1, because the vulnerabilities it fixes have been made public. Cisco Talos made the three-vuln disclosure after the fix landed, including one denial-of-service and two code execution bugs – all easy to trigger by sending crafted packets. In the DoS bug, …
COMMENTS
Wednesday 22nd February 2017 09:23 GMT John Smith 19
"crafted packet makes the server process crash by dereferencing a null pointer."
Mistrust anything that comes from outside your application and anything that a user can overwrite which your application will (or can be made to) read back in.
That idea should be baked into every dev's thinking.
But apparently not.