Vulnerability Details: CVE-2023-36480
The Aerospike Java client is a Java library that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0, some of the messages received from the server contain Java-serialized objects that the client deserializes when it encounters them, without further validation. An attacker who manages to trick a client into communicating with a malicious server can include specially crafted objects in the server's responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue.
Vulnerability category: Execute code
Products affected by CVE-2023-36480
- cpe:2.3:a:aerospike:aerospike_java_client:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-36480
- EPSS score: 2.21% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~83% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2023-36480
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | 
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | GitHub, Inc. | 
CWE ids for CVE-2023-36480
- The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid. Assigned by: security-advisories@github.com (Primary)
References for CVE-2023-36480
- https://github.com/aerospike/aerospike-client-java/commit/51c65e32837da29435161a2d9c09bbdc2071ecae (Patch): "CVE-2023-36480 CLIENT-2252 DIsable java runtime serialization/deseria…" · aerospike/aerospike-client-java@51c65e3 · GitHub
- https://github.com/aerospike/aerospike-client-java/commit/80c508cc5ecb0173ce92d7fab8cfab5e77bd9900 (Patch): "CVE-2023-36480 CLIENT-2252 Remove all code that used java runtime ser…" · aerospike/aerospike-client-java@80c508c · GitHub
- https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L1157 (Product): client/src/com/aerospike/client/async/NettyCommand.java at e40a49b3db0d2b3d45068910e1cb9d917c795315 · aerospike/aerospike-client-java · GitHub
- https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Command.java#L2083 (Product): client/src/com/aerospike/client/command/Command.java at e40a49b3db0d2b3d45068910e1cb9d917c795315 · aerospike/aerospike-client-java · GitHub
- https://github.com/aerospike/aerospike-client-java/commit/66aafb4cd743cf53baffaeaf69b035f51d2e2e36 (Patch): "CVE-2023-36480 CLIENT-2252 DIsable java runtime serialization/deseria…" · aerospike/aerospike-client-java@66aafb4 · GitHub
- https://github.com/aerospike/aerospike-client-java/security/advisories/GHSA-jj95-55cr-9597 (Vendor Advisory): "Unsafe deserialization of server responses" · Advisory · aerospike/aerospike-client-java · GitHub
- https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L489 (Product): client/src/com/aerospike/client/async/NettyCommand.java at e40a49b3db0d2b3d45068910e1cb9d917c795315 · aerospike/aerospike-client-java · GitHub
- https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/NettyCommand.java#L596 (Product): client/src/com/aerospike/client/async/NettyCommand.java at e40a49b3db0d2b3d45068910e1cb9d917c795315 · aerospike/aerospike-client-java · GitHub
- https://github.com/aerospike/aerospike-client-java/commit/02bf28e62fb186f004c82c87b219db2fc5b8262a (Patch): "CVE-2023-36480 CLIENT-2252 DIsable java runtime serialization/deseria…" · aerospike/aerospike-client-java@02bf28e · GitHub
- https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/async/AsyncRead.java#L68 (Product): client/src/com/aerospike/client/async/AsyncRead.java at e40a49b3db0d2b3d45068910e1cb9d917c795315 · aerospike/aerospike-client-java · GitHub
- https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/util/Unpacker.java#L227 (Product): client/src/com/aerospike/client/util/Unpacker.java at e40a49b3db0d2b3d45068910e1cb9d917c795315 · aerospike/aerospike-client-java · GitHub
- https://github.com/aerospike/aerospike-client-java/blob/e40a49b3db0d2b3d45068910e1cb9d917c795315/client/src/com/aerospike/client/command/Buffer.java#L53 (Product): client/src/com/aerospike/client/command/Buffer.java at e40a49b3db0d2b3d45068910e1cb9d917c795315 · aerospike/aerospike-client-java · GitHub
- https://support.aerospike.com/s/article/CVE-2023-36480-Aerospike-Java-Client-vulnerable-to-unsafe-deserialization-of-server-responses (Vendor Advisory): "CVE-2023-36480 - Aerospike Java Client vulnerable to unsafe deserialization of server responses"