CVE-2023-36480

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Aug 4, 2023
Updated: Aug 9, 2023
CWE ID 502

Summary

CVE-2023-36480 is a vulnerability affecting the Aerospike Java client prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0. The Java client, used to communicate with an Aerospike server, deserializes messages from the server without adequate validation. A malicious server can exploit this by sending specially crafted objects, which lead to arbitrary code execution once the client deserializes them. This vulnerability can result in attackers gaining control of the client's machine. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 have been released with patches to address this issue.
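The bug class described above (CWE-502) beside one standard mitigation, as an added example that is not Aerospike's code or its patch: the JDK's `ObjectInputFilter` (Java 9+) allow-lists the classes a stream may instantiate. The class names, the `Unexpected` type and the serialized sample values are constructed for illustration.

```java
import java.io.*;

public class FilteredDeserialization {
    // Constructed stand-in for a type the client never expects from the server.
    static class Unexpected implements Serializable {
        private static final long serialVersionUID = 1L;
    }

    // Allow-list: only these classes may be instantiated; "!*" rejects all others.
    // java.lang.Number is listed because it is Long's serializable superclass.
    static final ObjectInputFilter ALLOW = ObjectInputFilter.Config.createFilter(
        "java.lang.String;java.lang.Long;java.lang.Number;"
        + "maxdepth=4;maxrefs=64;maxbytes=4096;!*");

    // Unsafe pattern: any Serializable class on the classpath can be
    // instantiated from bytes that the peer controls.
    static Object readUnfiltered(byte[] fromServer) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(fromServer))) {
            return in.readObject();
        }
    }

    // Hardened: the filter is installed before the first read, so a rejected
    // class is never instantiated and readObject throws InvalidClassException.
    static Object readFiltered(byte[] fromServer) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(fromServer))) {
            in.setObjectInputFilter(ALLOW);
            return in.readObject();
        }
    }

    // Helper that builds the constructed sample payloads.
    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        System.out.println(readFiltered(serialize("bin value")));   // allowed type
        System.out.println(readFiltered(serialize(42L)));           // allowed type
        System.out.println(readUnfiltered(serialize(new Unexpected())).getClass());
        try {
            readFiltered(serialize(new Unexpected()));
        } catch (InvalidClassException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```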
