back to article Talos opens box, three Aerospike vulns fly out

Aerospike NoSQL server DBAs, make sure you've rolled out version 3.11.1.1, because the vulnerabilities it fixes have been made public. Cisco Talos made the three-vuln disclosure after the fix landed, including one denial-of-service and two code execution bugs – all easy to trigger by sending crafted packets. In the DoS bug, …

  1. Adam 52 Silver badge

    I suppose that's one way to get publicity for a product only five people have heard of.

  2. John Smith 19 Gold badge
    Holmes

    "crafted packet makes the server process crash by dereferencing a null pointer."

    Mistrust anything that comes from outside your application and anything that a user can overwrite which your application will (or can be made to) read back in.

    That idea should be baked into every devs thinking.

    But apparently not.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like