CVE-2023-36480

{"id": "CVE-2023-36480", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2023-08-04T15:15:10.210", "references": [{"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/AsyncRead.java#L68", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L1157", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L489", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L596", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Buffer.java#L53", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Command.java#L2083", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/util/Unpacker.java#L227", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/commit/02bf28e62fb186f004c82c87b219db2fc5b8262a", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/commit/51c65e32837da29435161a2d9c09bbdc2071ecae", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/commit/66aafb4cd743cf53baffaeaf69b035f51d2e2e36", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/commit/80c508cc5ecb0173ce92d7fab8cfab5e77bd9900", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/aerospike/aerospike-client-java/security/advisories/GHSA-jj95-55cr-9597", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://support.aerospike.com/s/article/CVE-2023-36480-Aerospike-Java-Client-vulnerable-to-unsafe-deserialization-of-server-responses", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-502"}]}], "descriptions": [{"lang": "en", "value": "The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue."}, {"lang": "es", "value": "El cliente Java de Aerospike es una aplicaci\u00f3n Java que implementa un protocolo de red para comunicarse con un servidor Aerospike. Antes de las versiones 7.0.0, 6.2.0, 5.2.0 y 4.5.0, algunos de los mensajes recibidos del servidor conten\u00edan objetos Java que el cliente deserializaba cuando los encontraba sin validaci\u00f3n adicional. Los atacantes que consiguen enga\u00f1ar a los clientes para que se comuniquen con un servidor malicioso pueden incluir objetos especialmente dise\u00f1ados en sus respuestas que, una vez deserializados por el cliente, le obligan a ejecutar c\u00f3digo arbitrario. Esto se puede aprovechar para tomar el control de la m\u00e1quina en la que se ejecuta el cliente. Las versiones 7.0.0, 6.2.0, 5.2.0 y 4.5.0 contienen un parche para este problema."}], "lastModified": "2023-08-09T17:36:23.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aerospike:aerospike_java_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8AF2204F-28DD-49CC-8468-CDB842A26AD6", "versionEndExcluding": "4.5.0"}, {"criteria": "cpe:2.3:a:aerospike:aerospike_java_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DC4192F-9ADB-4642-8CA0-B2DE4FCCC38D", "versionEndExcluding": "5.2.0", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:aerospike:aerospike_java_client:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C73DE084-C94F-4498-88B2-9D860736FFEC", "versionEndExcluding": "6.2.0", "versionStartIncluding": "6.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}