Aerospike.Database.UDF.Lua.Code.Execution

Description

This indicates an attack attempt to exploit a Remote Code Execution Vulnerability in Aerospike Community Edition.
The vulnerability is due to a design flaw when handling a message with crafted UDF. A remote, unauthenticated attacker can exploit the vulnerability by sending message with crafted UDF to a vulnerable application. Successful exploitation can result in remote code execution in the context of the system.

Affected Products

Aerospike Community Edition version 4.5.3.20 and prior
Aerospike Community Edition from version 4.6.0.1 to version 4.6.0.18
Aerospike Community Edition from version 4.7.0.1 to version 4.7.0.16
Aerospike Community Edition from version 4.8.0.1 to version 4.8.0.12
Aerospike Community Edition from version 4.9.0.1 to version 4.9.0.9
Aerospike Community Edition from version 5.0.0.1 to version 5.0.0.6

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.aerospike.com/download/server/notes.html#5.1.0.3
https://www.aerospike.com/enterprise/download/server/notes.html#5.1.0.3

References